<html>
<head><meta charset="utf-8"><title>stacked borrows: llvm-noalias violation in safe code · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html">stacked borrows: llvm-noalias violation in safe code</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="148370161"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148370161" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148370161">(Nov 26 2018 at 14:29)</a>:</h4>
<p>example:</p>
<div class="codehilite"><pre><span></span>let x: &amp;mut u32 = a;
let raw_ptr: *const u32 = x;
foo(x, raw_ptr);

fn foo(x: &amp;mut u32, raw_ptr: *const u32) -&gt; u32 {
    let x = &amp;mut *x; // stack is now [..., Uniq(N)]
    *x = 5;
    let y = &amp;*x; // stack is now [..., Uniq(N), Shr]

    // this is OK according to stacked borrows because of the Shr tag, but is UB
    // according to LLVM noalias and would be hard to make non-UB.
    unsafe { *raw_ptr }
}
</pre></div>



<a name="148698750"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148698750" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148698750">(Nov 28 2018 at 09:12)</a>:</h4>
<p><span class="user-mention" data-user-id="116009">@nikomatsakis</span> This is an example of code that is UB according to LLVM but not according to Stacked Borrows. I designed Stacked Borrows coming more from the Rust side than from the LLVM side, so I am not too surprised these exist, but it means Stacked Borrows cannot be the end of the story for justifying <code>noalias</code>.</p>



<a name="148698757"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148698757" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148698757">(Nov 28 2018 at 09:13)</a>:</h4>
<p><span class="user-mention" data-user-id="126804">@Ariel Ben-Yehuda</span> you had another interesting example, involving <code>mem::replace</code> or so, didn't you?</p>



<a name="148698772"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148698772" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148698772">(Nov 28 2018 at 09:13)</a>:</h4>
<p>My general plan for this is that I hope to work with some other people on better understanding LLVM noalias, and once we got that we can see how much of that we have to incorporate into Rust, and how it interacts with Stacked Borrows.</p>



<a name="148698775"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148698775" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148698775">(Nov 28 2018 at 09:13)</a>:</h4>
<p>but that's a multi-year plan ;)</p>



<a name="148723271"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148723271" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148723271">(Nov 28 2018 at 16:16)</a>:</h4>
<p>I would really hope that's ub in any system we come up with</p>



<a name="148723307"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148723307" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148723307">(Nov 28 2018 at 16:17)</a>:</h4>
<p>we should be able to assume <code>&amp;mut</code> pointers don't alias anything</p>



<a name="148723533"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148723533" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148723533">(Nov 28 2018 at 16:21)</a>:</h4>
<p>especially other function parameters</p>



<a name="148723852"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148723852" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148723852">(Nov 28 2018 at 16:25)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> that doesn't hold though, here is a counterexample:</p>
<div class="codehilite"><pre><span></span><span class="k">use</span><span class="w"> </span><span class="n">std</span>::<span class="n">cell</span>::<span class="n">RefCell</span><span class="p">;</span><span class="w"></span>

<span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">fn</span> <span class="nf">inner</span><span class="p">(</span><span class="n">rc</span>: <span class="kp">&amp;</span><span class="nc">RefCell</span><span class="o">&lt;</span><span class="kt">i32</span><span class="o">&gt;</span><span class="p">,</span><span class="w"> </span><span class="n">aliasing</span>: <span class="kp">&amp;</span><span class="nc">mut</span><span class="w"> </span><span class="kt">i32</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="c1">// the two pointers alias (they are not equal, but they overlap)</span>
<span class="w">        </span><span class="n">println</span><span class="o">!</span><span class="p">(</span><span class="s">&quot;{:?} + {} = {:?}&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">            </span><span class="n">rc</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">const</span><span class="w"> </span><span class="n">_</span><span class="p">,</span><span class="w"></span>
<span class="w">            </span><span class="p">(</span><span class="n">aliasing</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">mut</span><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="kt">usize</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="p">(</span><span class="n">rc</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">const</span><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="kt">usize</span><span class="p">),</span><span class="w"></span>
<span class="w">            </span><span class="n">aliasing</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">mut</span><span class="w"> </span><span class="n">_</span><span class="w"></span>
<span class="w">        </span><span class="p">);</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>

<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="n">rc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">RefCell</span>::<span class="n">new</span><span class="p">(</span><span class="mi">23</span><span class="p">);</span><span class="w"></span>
<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="k">mut</span><span class="w"> </span><span class="n">bmut</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">rc</span><span class="p">.</span><span class="n">borrow_mut</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="n">inner</span><span class="p">(</span><span class="o">&amp;</span><span class="n">rc</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="o">*</span><span class="n">bmut</span><span class="p">);</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>



<a name="148723955"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148723955" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148723955">(Nov 28 2018 at 16:26)</a>:</h4>
<p>that's not aliasing?</p>



<a name="148723974"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148723974" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148723974">(Nov 28 2018 at 16:27)</a>:</h4>
<p>that's pointers being equal</p>



<a name="148724097"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724097" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724097">(Nov 28 2018 at 16:28)</a>:</h4>
<p>so you are not actually talking about the property of pointers then, but about the property of accesses "done through" them</p>



<a name="148724125"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724125" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724125">(Nov 28 2018 at 16:29)</a>:</h4>
<p>yes</p>



<a name="148724137"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724137" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724137">(Nov 28 2018 at 16:29)</a>:</h4>
<p>I think I know what you mean, I am not sure I agree though. I don't think raw pointers should have an identity. That's just an unnecessary complication in usually-already-complicated raw ptr code.</p>



<a name="148724140"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724140" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724140">(Nov 28 2018 at 16:29)</a>:</h4>
<p>the type system must guarantee that those accesses do not alias</p>



<a name="148724229"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724229" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724229">(Nov 28 2018 at 16:30)</a>:</h4>
<p>but raw pointers probably must have an identity for purposes of alias analysis</p>



<a name="148724240"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724240" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724240">(Nov 28 2018 at 16:30)</a>:</h4>
<p>since they do have an identity in LLVM</p>



<a name="148724438"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724438" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724438">(Nov 28 2018 at 16:33)</a>:</h4>
<blockquote>
<p>since they do have an identity in LLVM</p>
</blockquote>
<p>at this point I am still trying to separate "the model we want" from constraints like "how LLVM works". that may be just naive or idealistic, but well, I'm dreaming a bit ;)</p>



<a name="148724458"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724458" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724458">(Nov 28 2018 at 16:33)</a>:</h4>
<p>I mean that's fair, but we should keep in mind LLVM</p>



<a name="148724507"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724507" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724507">(Nov 28 2018 at 16:34)</a>:</h4>
<p>it's been designed in a reasonably useful way for optimization</p>



<a name="148724514"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724514" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724514">(Nov 28 2018 at 16:34)</a>:</h4>
<p>fair enough</p>



<a name="148724527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724527">(Nov 28 2018 at 16:34)</a>:</h4>
<p>I'm not gonna say raw pointers must have identity, I don't know, but that example must be UB</p>



<a name="148724540"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724540" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724540">(Nov 28 2018 at 16:35)</a>:</h4>
<p>hence my long-term plan: 1. understand LLVM noalias (for me this means have a precise formal model, one that one could use to prove things in), and then 2. see if from that we can glean how to make Stacked Borrows compatible, or maybe small tweaks to LLVM that might be acceptable upstream to make it more compatible with an idea of "untracked pointers"</p>



<a name="148724634"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724634" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724634">(Nov 28 2018 at 16:36)</a>:</h4>
<blockquote>
<p>but that example must be UB</p>
</blockquote>
<p>that is because LLVM treats it as such and you consider LLVM immutable, or because there are good reasons for this from a pure Rust perspective?</p>



<a name="148724732"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724732" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724732">(Nov 28 2018 at 16:37)</a>:</h4>
<p>I <em>think</em> the current model is sound wrt LLVM if no raw pointers are involved, which is a good start IMO.</p>



<a name="148724824"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724824" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724824">(Nov 28 2018 at 16:39)</a>:</h4>
<p>because there are good reasons for this from a pure rust perspective</p>



<a name="148724865"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148724865" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148724865">(Nov 28 2018 at 16:39)</a>:</h4>
<p>basically, I don't think introducing raw pointers should do anything to optimization</p>



<a name="148725022"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725022" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725022">(Nov 28 2018 at 16:41)</a>:</h4>
<p><code>*const T</code> should be treated as a nullable, maybe-unaligned <code>&amp;T</code>, while <code>*mut T</code> should be treated as a nullable, maybe-unaligned <code>&amp;UnsafeCell&lt;T&gt;</code></p>



<a name="148725032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725032">(Nov 28 2018 at 16:41)</a>:</h4>
<p>(that was weird UX things)</p>



<a name="148725107"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725107" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725107">(Nov 28 2018 at 16:42)</a>:</h4>
<p>also to be clear, I really like stacked borrows, I think it's a fantastic model which just requires a bit of working out the kinks</p>



<a name="148725297"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725297" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725297">(Nov 28 2018 at 16:45)</a>:</h4>
<blockquote>
<p>also to be clear, I really like stacked borrows, I think it's a fantastic model which just requires a bit of working out the kinks</p>
</blockquote>
<p>good to hear. :) I am sure it's not ready yet</p>



<a name="148725383"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725383" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725383">(Nov 28 2018 at 16:46)</a>:</h4>
<blockquote>
<p>*const T should be treated as a nullable, maybe-unaligned &amp;T</p>
</blockquote>
<p>that can't be entirely right, <code>&amp;i32</code> e.g. asserts immutability while <code>*const i32</code> is fine with writes through other pointers to the same location</p>



<a name="148725438"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725438" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725438">(Nov 28 2018 at 16:47)</a>:</h4>
<p>mmh, good point</p>



<a name="148725461"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725461" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725461">(Nov 28 2018 at 16:47)</a>:</h4>
<p>about the example: the reason it is considered okay by stacked borrows is that the mutable ref <em>did</em> get shared. so reads can happen through shared references</p>



<a name="148725527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725527">(Nov 28 2018 at 16:48)</a>:</h4>
<p>also allowing reads through raw pointers at that point didn't seem too harmful</p>



<a name="148725537"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725537" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725537">(Nov 28 2018 at 16:48)</a>:</h4>
<p>so <code>*const T</code> should also be treated as <code>&amp;UnsafeCell&lt;T&gt;</code> probably</p>



<a name="148725573"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725573" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725573">(Nov 28 2018 at 16:48)</a>:</h4>
<p>fixing this particular example is easy though (just disallow raw ptr reads when the location was never cast to a raw ptr). variants of it are harder.</p>



<a name="148725603"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725603" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725603">(Nov 28 2018 at 16:49)</a>:</h4>
<p>even then, it seems untenable to support</p>



<a name="148725621"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725621" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725621">(Nov 28 2018 at 16:49)</a>:</h4>
<div class="codehilite"><pre><span></span><span class="k">fn</span> <span class="nf">foo</span><span class="p">(</span><span class="n">x</span>: <span class="kp">&amp;</span><span class="nc">mut</span><span class="w"> </span><span class="kt">u32</span><span class="p">,</span><span class="w"> </span><span class="n">raw_ptr</span>: <span class="o">*</span><span class="k">const</span><span class="w"> </span><span class="kt">u32</span><span class="p">)</span><span class="w"> </span>-&gt; <span class="kt">u32</span> <span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="n">x</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="o">*</span><span class="n">x</span><span class="p">;</span><span class="w"> </span><span class="c1">// stack is now [..., Uniq(N)]</span>
<span class="w">    </span><span class="o">*</span><span class="n">x</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">5</span><span class="p">;</span><span class="w"></span>
<span class="w">    </span><span class="n">mem</span>::<span class="n">swap</span><span class="p">(</span><span class="n">x</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="mi">16</span><span class="p">);</span><span class="w"> </span><span class="c1">// internally uses raw pointers</span>
<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="n">y</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;*</span><span class="n">x</span><span class="p">;</span><span class="w"> </span><span class="c1">// stack is now [..., Uniq(N), Shr]</span>

<span class="w">    </span><span class="c1">// this is OK according to stacked borrows because of the Shr tag, but is UB</span>
<span class="w">    </span><span class="c1">// according to LLVM noalias and would be hard to make non-UB.</span>
<span class="w">    </span><span class="k">unsafe</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="o">*</span><span class="n">raw_ptr</span><span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>



<a name="148725712"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725712" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725712">(Nov 28 2018 at 16:50)</a>:</h4>
<p>here the location actually <em>does</em> get "leaked" to raw ptrs by <code>mem::swap</code>, hence justifying the raw ptr access later</p>



<a name="148725729"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725729" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725729">(Nov 28 2018 at 16:50)</a>:</h4>
<div class="codehilite"><pre><span></span>let x : *mut i32;
let y : &amp;mut i32;

*y = 0;
y as *mut i32;
*x
</pre></div>



<a name="148725743"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725743" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725743">(Nov 28 2018 at 16:50)</a>:</h4>
<p>I don't see a way to rule this out without tracking raw ptr identity</p>



<a name="148725749"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725749" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725749">(Nov 28 2018 at 16:50)</a>:</h4>
<p>right</p>



<a name="148725755"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725755" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725755">(Nov 28 2018 at 16:50)</a>:</h4>
<p>I'd argue that that's the solution</p>



<a name="148725778"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725778" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725778">(Nov 28 2018 at 16:51)</a>:</h4>
<p>I'd argue that cure is worse than the disease ;)</p>



<a name="148725804"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725804" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725804">(Nov 28 2018 at 16:51)</a>:</h4>
<p>basically I am not convinced that the additional power this gives to the optimizer is worth the additional complexity this imposes on every unsafe code author</p>



<a name="148725861"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725861" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725861">(Nov 28 2018 at 16:52)</a>:</h4>
<p>I mean... the complexity is imposed already</p>



<a name="148725873"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725873" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725873">(Nov 28 2018 at 16:52)</a>:</h4>
<p>I also don't think it's really any extra complexity for unsafe authors</p>



<a name="148725879"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725879" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725879">(Nov 28 2018 at 16:52)</a>:</h4>
<p>raw pointers not being tracked seems like a very useful complexity reduction to me</p>



<a name="148725884"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725884" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725884">(Nov 28 2018 at 16:52)</a>:</h4>
<p>but I might also be overestimating that extra complexity</p>



<a name="148725887"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725887" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725887">(Nov 28 2018 at 16:52)</a>:</h4>
<p>for the model, I think</p>



<a name="148725897"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725897" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725897">(Nov 28 2018 at 16:53)</a>:</h4>
<p>but not for people writing code</p>



<a name="148725923"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725923" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725923">(Nov 28 2018 at 16:53)</a>:</h4>
<p>and it might reduce complexity around other questions, like the difference between transmute-to-raw and cast-to-raw, or the funny effects when you transmute a raw ptr to a reference</p>



<a name="148725934"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725934" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725934">(Nov 28 2018 at 16:53)</a>:</h4>
<p>exactly</p>



<a name="148725949"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148725949" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148725949">(Nov 28 2018 at 16:53)</a>:</h4>
<p>hm now that is curious, people writing the code will have to understand the model, so I'd think any complexity increase in the model is also a complexity increase for programmers?</p>



<a name="148726011"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726011" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726011">(Nov 28 2018 at 16:54)</a>:</h4>
<p>very few programmers will ever understand the model on a mathematical level</p>



<a name="148726022"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726022" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726022">(Nov 28 2018 at 16:54)</a>:</h4>
<p>they will get told "this is UB"</p>



<a name="148726032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726032">(Nov 28 2018 at 16:54)</a>:</h4>
<p>oh sure, I meant on a more intuitive, descriptive level</p>



<a name="148726037"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726037" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726037">(Nov 28 2018 at 16:54)</a>:</h4>
<p>by people like me</p>



<a name="148726041"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726041" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726041">(Nov 28 2018 at 16:54)</a>:</h4>
<p>something with pictures of a stack ;)</p>



<a name="148726076"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726076" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726076">(Nov 28 2018 at 16:55)</a>:</h4>
<p>on an intuitive level, they probably won't get close to enough mathematical rigor that the extra complexity matters</p>



<a name="148726108"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726108" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726108">(Nov 28 2018 at 16:55)</a>:</h4>
<p>this is my experience in the C++ community, anyways</p>



<a name="148726208"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726208" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726208">(Nov 28 2018 at 16:56)</a>:</h4>
<p>having a checker is far more important than having a simple system</p>



<a name="148726254"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726254" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726254">(Nov 28 2018 at 16:57)</a>:</h4>
<p>because the vast, vast majority of people will never read this part of the specification :P</p>



<a name="148726318"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726318" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726318">(Nov 28 2018 at 16:58)</a>:</h4>
<p>judging from the feedback I got, experienced programmers without a CS degree can think in terms of sth on the complexity of Stacked Borrows. so I hope we can keep the model simple enough. but well, only time will tell^^</p>



<a name="148726320"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726320" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726320">(Nov 28 2018 at 16:58)</a>:</h4>
<p>(or most of the other parts of the specification, let's be honest)</p>



<a name="148726323"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726323" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726323">(Nov 28 2018 at 16:58)</a>:</h4>
<p>the vast majority will hopefully never write unsafe code :P</p>



<a name="148726340"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726340" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726340">(Nov 28 2018 at 16:58)</a>:</h4>
<p>that's a key advantage we have over C++</p>



<a name="148726347"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726347" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726347">(Nov 28 2018 at 16:58)</a>:</h4>
<p>I don't mean they can't understand it, I mean they just don't care enough to read it</p>



<a name="148726377"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726377" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726377">(Nov 28 2018 at 16:59)</a>:</h4>
<p>because we should design our model in a way which means you don't end up having to read it :)</p>



<a name="148726458"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726458" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726458">(Nov 28 2018 at 17:00)</a>:</h4>
<p>(and I think stacked borrowd follow that rule)</p>



<a name="148726467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726467">(Nov 28 2018 at 17:00)</a>:</h4>
<p>I feel in the Rust community there is a strong desire for safe abstractions, and there is a sizeable group of people valuing that enough to very carefully evaluate their crates accordingly. I have no experience with the C++ community so I cannot compare, but as an outsider, safe abstractions seem to be less of a core thing there (also because the type system doesn't really let you do that to the extend Rust does)</p>



<a name="148726472"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726472" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726472">(Nov 28 2018 at 17:00)</a>:</h4>
<p>my main problem with "lets track raw ptrs" is explaining int-to-ptr casts. we need some kind of "wildcard", some kind of fallback. and if that works like raw ptrs work in Stacked Borrows, nothing is won. (all the examples above would still be fine, then, if you just cast ptrs to integers and back a bit.) that's why I'd first like to understand LLVM noalias in isolation, and then maybe that teaches us how to solve this kind of problem.</p>



<a name="148726518"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726518" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726518">(Nov 28 2018 at 17:01)</a>:</h4>
<p>I think to understand noalias, one must understand provenance</p>



<a name="148726539"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726539" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726539">(Nov 28 2018 at 17:01)</a>:</h4>
<p>provenance travels through values of any type</p>



<a name="148726543"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726543" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726543">(Nov 28 2018 at 17:01)</a>:</h4>
<p>true. I feel at least I understand it much better now than I did a year ago.</p>



<a name="148726550"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726550" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726550">(Nov 28 2018 at 17:01)</a>:</h4>
<blockquote>
<p>provenance travels through values of any type</p>
</blockquote>
<p>I strongly disagree with that</p>



<a name="148726592"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726592" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726592">(Nov 28 2018 at 17:02)</a>:</h4>
<p>how?</p>



<a name="148726600"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726600" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726600">(Nov 28 2018 at 17:02)</a>:</h4>
<p>integers shouldnt have provenance, and I think any model making them have provenance is untenable</p>



<a name="148726637"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726637" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726637">(Nov 28 2018 at 17:03)</a>:</h4>
<p>there are common compiler optimizations that are incompatible with integers having provenance</p>



<a name="148726651"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726651" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726651">(Nov 28 2018 at 17:03)</a>:</h4>
<p>like, GVN putting <code>i</code> and <code>j</code> into the same "bucket" inside an <code>if i == j</code></p>



<a name="148726676"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726676" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726676">(Nov 28 2018 at 17:03)</a>:</h4>
<p>and also from a modelling perspective, integers corresponding to mathematical integers (modulo 2^N) is <em>extremely useful</em></p>



<a name="148726721"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726721" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726721">(Nov 28 2018 at 17:04)</a>:</h4>
<p>and breaking that... ugh. no please no.^^</p>



<a name="148726760"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726760" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726760">(Nov 28 2018 at 17:04)</a>:</h4>
<p>for the next C/C++ standards, AFAIK the game still seems to be open wrt. integers do or do not have provenance. I very strongly hope they decide against making them have provenance</p>



<a name="148726776"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726776" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726776">(Nov 28 2018 at 17:05)</a>:</h4>
<p>(I'll be back later, afk for now)</p>



<a name="148726803"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726803" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726803">(Nov 28 2018 at 17:05)</a>:</h4>
<p>I would argue that provenance lists are the way to solve that</p>



<a name="148726809"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726809" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726809">(Nov 28 2018 at 17:05)</a>:</h4>
<p>but this is the way LLVM does noalias:</p>



<a name="148726817"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726817" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726817">(Nov 28 2018 at 17:06)</a>:</h4>
<blockquote>
<p>This indicates that objects accessed via pointer values based on the argument or return value are not also accessed, during the execution of the function, via pointer values not based on the argument or return value.</p>
</blockquote>



<a name="148726864"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148726864" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148726864">(Nov 28 2018 at 17:06)</a>:</h4>
<p>(on a noalias argument)</p>



<a name="148729638"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148729638" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148729638">(Nov 28 2018 at 17:47)</a>:</h4>
<p>I agree understanding provenance is key to understanding noalias</p>



<a name="148730574"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148730574" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148730574">(Nov 28 2018 at 18:04)</a>:</h4>
<p>it means that stuff like:</p>



<a name="148730643"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148730643" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148730643">(Nov 28 2018 at 18:04)</a>:</h4>
<div class="codehilite"><pre><span></span>fn foo(x: &amp;mut i32, y: *const i32) -&gt; i32 {
  *(x as *mut _ as usize as *mut i32) = 1;
  *y
}
</pre></div>



<a name="148730654"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148730654" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148730654">(Nov 28 2018 at 18:05)</a>:</h4>
<p>is still UB, if x and y alias</p>



<a name="148740691"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148740691" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148740691">(Nov 28 2018 at 20:27)</a>:</h4>
<blockquote>
<p>is still UB, if x and y alias</p>
</blockquote>
<p>what about this?</p>
<div class="codehilite"><pre><span></span><span class="k">fn</span> <span class="nf">foo</span><span class="p">(</span><span class="n">x</span>: <span class="kp">&amp;</span><span class="nc">mut</span><span class="w"> </span><span class="kt">i32</span><span class="p">,</span><span class="w"> </span><span class="n">y</span>: <span class="o">*</span><span class="k">const</span><span class="w"> </span><span class="kt">i32</span><span class="p">)</span><span class="w"> </span>-&gt; <span class="kt">i32</span> <span class="p">{</span><span class="w"></span>
<span class="w">  </span><span class="kd">let</span><span class="w"> </span><span class="n">xi</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">x</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">mut</span><span class="w"> </span><span class="n">_</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="kt">usize</span><span class="p">;</span><span class="w"></span>
<span class="w">  </span><span class="kd">let</span><span class="w"> </span><span class="n">yi</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">y</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="kt">usize</span><span class="p">;</span><span class="w"></span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="n">xi</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">yi</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="o">*</span><span class="p">(</span><span class="n">yi</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">mut</span><span class="w"> </span><span class="kt">i32</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="p">;</span><span class="w"></span>
<span class="w">  </span><span class="p">}</span><span class="w"></span>
<span class="w">  </span><span class="o">*</span><span class="n">y</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>


<p>And what if I now replace <code>yi</code> by <code>xi</code> inside the conditional (which GVN will do if it deems it profitable)?</p>



<a name="148745440"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745440" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745440">(Nov 28 2018 at 21:33)</a>:</h4>
<p>LLVM can introduce that kind of UB in its passes, as long as it makes it not UB by some other transformation.</p>



<a name="148745445"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745445" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745445">(Nov 28 2018 at 21:33)</a>:</h4>
<p>That doesn't mean you can.</p>



<a name="148745527"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745527" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745527">(Nov 28 2018 at 21:34)</a>:</h4>
<p>Sure, but LLVM wants to run alias analysis before and after GVN, so there is a tension here that can't just be explained away that way</p>



<a name="148745529"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745529" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745529">(Nov 28 2018 at 21:34)</a>:</h4>
<p>for example, LLVM can transform <code>struct { unsigned x; unsigned y; } foo; do_smth(&amp;foo); return foo.x | (static_cast&lt;uint64_t&gt;(foo.y) &lt;&lt; 32);</code> with <code>return *(uint64_t*)&amp;foo;</code>, but you sure can't.</p>



<a name="148745537"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745537" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745537">(Nov 28 2018 at 21:34)</a>:</h4>
<p>(in C++ (because of alignment _and_ TBAA), nor Rust (because of alignment))</p>



<a name="148745638"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745638" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745638">(Nov 28 2018 at 21:36)</a>:</h4>
<p>if LLVM wants to make that transformation, it has to make the transformed code not UB via some method</p>



<a name="148745802"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745802" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745802">(Nov 28 2018 at 21:38)</a>:</h4>
<p>Yes, the issue is how to do that in a model where integers have provenance.</p>



<a name="148745836"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745836" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745836">(Nov 28 2018 at 21:39)</a>:</h4>
<p>huh?</p>



<a name="148745847"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745847" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745847">(Nov 28 2018 at 21:39)</a>:</h4>
<p>integers have provenance in LLVM</p>



<a name="148745934"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745934" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745934">(Nov 28 2018 at 21:40)</a>:</h4>
<p>if GVN wants to make that optimization, that's LLVM's problem</p>



<a name="148745986"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745986" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745986">(Nov 28 2018 at 21:41)</a>:</h4>
<p>we have to guarantee that Rust code which does not have UB transforms into LLVM IR that doesn't have undefined behavior, though</p>



<a name="148745997"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148745997" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148745997">(Nov 28 2018 at 21:41)</a>:</h4>
<p>LLVM also has to make sure its transformations follow this property</p>



<a name="148746011"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746011" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746011">(Nov 28 2018 at 21:41)</a>:</h4>
<p>one easy way to do this would be to remove the <code>noalias</code> on the parameter</p>



<a name="148746138"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746138" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746138">(Nov 28 2018 at 21:43)</a>:</h4>
<p>I am well aware of the roles of rustc and LLVM passes. I think we're coming from different perspectives? Like, yes, ultimately justifying transformations is the problem of the one doing them, but Ralf's point was more generally that models in which integers have provenance suck, in part because it's so difficult to justify perfectly sensible optimizations on pure integer operations (such as GVN in that example).</p>



<a name="148746266"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746266" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746266">(Nov 28 2018 at 21:45)</a>:</h4>
<p>I mean, okay, but we have to deal with LLVM as it exists, and LLVM as it exists gives integers provenance. I don't see a way of keeping the optimizations without giving integers provenance in any model we use.</p>



<a name="148746393"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746393" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746393">(Nov 28 2018 at 21:46)</a>:</h4>
<p>(also, we can give integers provenance in the Rust model, and then helpfully ignore integer provenance if it's helpful for optimization)</p>



<a name="148746402"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746402" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746402">(Nov 28 2018 at 21:47)</a>:</h4>
<p>(which is what I assume LLVM does)</p>



<a name="148746548"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746548" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746548">(Nov 28 2018 at 21:49)</a>:</h4>
<p>Well, it's not like LLVM is immutable and infallible. Its integer optimizations and aliasing model have in the past contradicted itself.</p>



<a name="148746750"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148746750" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148746750">(Nov 28 2018 at 21:51)</a>:</h4>
<p>As detailed in <a href="https://people.mpi-sws.org/~jung/twinsem/twinsem.pdf" target="_blank" title="https://people.mpi-sws.org/~jung/twinsem/twinsem.pdf">https://people.mpi-sws.org/~jung/twinsem/twinsem.pdf</a> which also lays out a memory model that justifies many existing optimizations LLVM does without provenance for integers (though IIRC it don't say anything about <code>noalias</code> specifically)</p>



<a name="148747081"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747081" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747081">(Nov 28 2018 at 21:56)</a>:</h4>
<p>None of this means we're in the clear wrt how LLVM works today but to me it illustrates that maybe noalias in its current form isn't the be-all-end-all and we either have to conform to it or lose all hope of improving AA. I can definitely see a future where either LLVM changes its aliasing/memory model or gains more fine-grained alternatives to <code>noalias</code> that we have a better shot at using (there's plenty of non-Rust-incentives for this, e.g. noalias is known to be pretty inadequate for <code>restrict</code> too)</p>



<a name="148747096"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747096" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747096">(Nov 28 2018 at 21:56)</a>:</h4>
<blockquote>
<p>LLVM as it exists gives integers provenance.</p>
</blockquote>
<p>I doubt that. I think it does not. And they have a GVN transformation which witnesses that it does not.</p>



<a name="148747110"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747110" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747110">(Nov 28 2018 at 21:56)</a>:</h4>
<p>LLVM IR has the same semantics before and after GVN</p>



<a name="148747130"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747130" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747130">(Nov 28 2018 at 21:57)</a>:</h4>
<p>so, while it is true that LLVM can have semantics different from Rust, it must have <em>some</em> consistent semantics</p>



<a name="148747142"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747142" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747142">(Nov 28 2018 at 21:57)</a>:</h4>
<p>and I am saying "naive noalias with int-ptr-casts" + "GVN based on int equality" cannot coexist as transformations on the same IR</p>



<a name="148747190"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747190" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747190">(Nov 28 2018 at 21:58)</a>:</h4>
<p>it seems likely that LLVM currently does both, and hence is buggy. would be interesting to construct a miscompilation from this actually.</p>



<a name="148747207"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747207" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747207">(Nov 28 2018 at 21:58)</a>:</h4>
<blockquote>
<p>noalias is known to be pretty inadequate for restrict too</p>
</blockquote>
<p>it is?</p>



<a name="148747229"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747229" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747229">(Nov 28 2018 at 21:59)</a>:</h4>
<p>I believe it's fine for arguments but not expressive enough for locals with restrict</p>



<a name="148747237"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747237" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747237">(Nov 28 2018 at 21:59)</a>:</h4>
<p>ah yeah that seems plausible</p>



<a name="148747463"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747463" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747463">(Nov 28 2018 at 22:02)</a>:</h4>
<blockquote>
<p>As detailed in <a href="https://people.mpi-sws.org/~jung/twinsem/twinsem.pdf" target="_blank" title="https://people.mpi-sws.org/~jung/twinsem/twinsem.pdf">https://people.mpi-sws.org/~jung/twinsem/twinsem.pdf</a> which also lays out a memory model that justifies many existing optimizations LLVM does without provenance</p>
</blockquote>
<p>oh but we have provenance :) just not on integers</p>



<a name="148747466"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747466" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747466">(Nov 28 2018 at 22:03)</a>:</h4>
<p>but pointers carry around extra information, reflecting their provenance</p>



<a name="148747476"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747476" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747476">(Nov 28 2018 at 22:03)</a>:</h4>
<p>a bit like the tags which pointers carry in Stacked Borrows, which also are a form of provenance</p>



<a name="148747480"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747480" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747480">(Nov 28 2018 at 22:03)</a>:</h4>
<p>er, yeah, I meant provenance on integers</p>



<a name="148747483"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747483" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747483">(Nov 28 2018 at 22:03)</a>:</h4>
<p>sorry for the confusion</p>



<a name="148747488"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747488" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747488">(Nov 28 2018 at 22:03)</a>:</h4>
<p>okay, then I agree :)</p>



<a name="148747496"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747496" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747496">(Nov 28 2018 at 22:03)</a>:</h4>
<p>but yes, <code>noalias</code> is future work</p>



<a name="148747503"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747503" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747503">(Nov 28 2018 at 22:03)</a>:</h4>
<p>I am meeting with some other authors of that paper in Jan to start thinking about noalias</p>



<a name="148747576"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747576" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747576">(Nov 28 2018 at 22:04)</a>:</h4>
<p><span class="emoji emoji-1f38a" title="confetti">:confetti:</span></p>



<a name="148747613"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747613" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747613">(Nov 28 2018 at 22:05)</a>:</h4>
<p>and the example above will be an interesting litmus test</p>



<a name="148747630"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747630" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747630">(Nov 28 2018 at 22:05)</a>:</h4>
<p>one of my coauthors is really good at turning such problems into miscompilations, I'll ask them if they can't exploit this one^^</p>



<a name="148747696"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148747696" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148747696">(Nov 28 2018 at 22:06)</a>:</h4>
<p>but anyway it's getting late... good night!</p>



<a name="148750889"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148750889" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148750889">(Nov 28 2018 at 23:02)</a>:</h4>
<blockquote>
<p>and I am saying "naive noalias with int-ptr-casts" + "GVN based on int equality" cannot coexist as transformations on the same IR</p>
</blockquote>
<p>My original solution what I called "broadcast semantics" - doing the "unfreeze and push an Shr" on the ptr-&gt;int cast or pointer comparison (of course, this makes them side-effectful, which has its own disadvantages. Did anyone measure the perf impact of that?)</p>
<blockquote>
<p>@Ariel Ben-Yehuda you had another interesting example, involving <code>mem::replace</code> or so, didn't you?</p>
</blockquote>
<p>That was just about <code>mem::replace</code> using raw pointers internally, and us not wanting to treat it as a "leak".</p>



<a name="148750903"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148750903" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148750903">(Nov 28 2018 at 23:03)</a>:</h4>
<p>good night in any casez.</p>



<a name="148773548"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773548" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773548">(Nov 29 2018 at 08:55)</a>:</h4>
<blockquote>
<p>My original solution what I called "broadcast semantics" - doing the "unfreeze and push an Shr" on the ptr-&gt;int cast or pointer comparison (of course, this makes them side-effectful, which has its own disadvantages. Did anyone measure the perf impact of that?)</p>
</blockquote>
<p>Yes and that's what Stacked Borrows does, but this breaks your <code>mem::replace</code> example because <code>replace</code> performs a broadcast</p>



<a name="148773591"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773591" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773591">(Nov 29 2018 at 08:56)</a>:</h4>
<p>the issue is somehow "scoping" the broadcast, I think</p>



<a name="148773644"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773644" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773644">(Nov 29 2018 at 08:58)</a>:</h4>
<p>The idea was limiting the broadcast to ptr-&gt;int casts (and maybe pointer comparisons), rather than to raw pointer ops.</p>



<a name="148773688"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773688" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773688">(Nov 29 2018 at 08:58)</a>:</h4>
<p>with the idea being that ptr-&gt;int casts on pointers that are not "very much escaped" should be rare</p>



<a name="148773721"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773721" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773721">(Nov 29 2018 at 08:59)</a>:</h4>
<p>hm. but then calling an unknown function could still do that.</p>



<a name="148773731"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773731" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773731">(Nov 29 2018 at 08:59)</a>:</h4>
<p>Stacked Borrows, for me, is all about the guarantees you get around unknown function calls</p>



<a name="148773735"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773735" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773735">(Nov 29 2018 at 08:59)</a>:</h4>
<p>yea, and it  can be because the unknown function could be <code>as_ptr</code></p>



<a name="148773796"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773796" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773796">(Nov 29 2018 at 09:00)</a>:</h4>
<p>so one idea I had was to have some kind of references following lifetimes in safe code, that's all the deal about the "tootsie pop model"</p>



<a name="148773809"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773809" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773809">(Nov 29 2018 at 09:00)</a>:</h4>
<p>I mean Stacked Borrows gives you some of that</p>



<a name="148773814"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773814" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773814">(Nov 29 2018 at 09:00)</a>:</h4>
<p>but only after you do a write</p>



<a name="148773822"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773822" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773822">(Nov 29 2018 at 09:01)</a>:</h4>
<p>it currently makes even ref-to-raw "broadcast" and still you get some guarantees around unknown code</p>



<a name="148773824"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773824" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773824">(Nov 29 2018 at 09:01)</a>:</h4>
<p>no, any <code>Retag</code> will do it</p>



<a name="148773826"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773826" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773826">(Nov 29 2018 at 09:01)</a>:</h4>
<p>and also there are these "function call barriers" that give you even more information (and have <a href="https://github.com/rust-lang/rust/pull/56319" target="_blank" title="https://github.com/rust-lang/rust/pull/56319">found a bug already</a>)</p>



<a name="148773830"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773830" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773830">(Nov 29 2018 at 09:01)</a>:</h4>
<p>which go in the other direction, don't they?</p>



<a name="148773888"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773888" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773888">(Nov 29 2018 at 09:02)</a>:</h4>
<p>Wouldn't that bug have been caught even without function call barriers?</p>



<a name="148773893"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773893" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773893">(Nov 29 2018 at 09:02)</a>:</h4>
<p>no</p>



<a name="148773896"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773896" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773896">(Nov 29 2018 at 09:02)</a>:</h4>
<p>because there was a <code>Shr</code> somewhere on the stack</p>



<a name="148773925"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773925" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773925">(Nov 29 2018 at 09:03)</a>:</h4>
<p>so turning the raw ptr into an <code>&amp;mut</code> popped to make that <code>Shr</code> active</p>



<a name="148773984"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148773984" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148773984">(Nov 29 2018 at 09:04)</a>:</h4>
<p>so that's the "raw pointer escape" rule?</p>



<a name="148774017"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774017" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774017">(Nov 29 2018 at 09:05)</a>:</h4>
<p>the equivalent of</p>
<p>let x: &amp;mut A = ...;<br>
let y: *mut A = &amp;mut *x;<br>
let z: &amp;A = (&amp;mut *x); // "WRONG"<br>
use(z, x); // ok, because we have an Shr ?</p>



<a name="148774067"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774067" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774067">(Nov 29 2018 at 09:06)</a>:</h4>
<p>ah no there were only 2 shared references there, AND a raw pointer</p>



<a name="148774082"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774082" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774082">(Nov 29 2018 at 09:06)</a>:</h4>
<p>so</p>
<div class="codehilite"><pre><span></span>let x: &amp;A = ...;
let y: *const A = &amp;*x;
let wrong_z: &amp;A =(&amp;mut *(x as *const A as *mut A);
use(x, wrong_z);
</pre></div>



<a name="148774097"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774097" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774097">(Nov 29 2018 at 09:07)</a>:</h4>
<p>I am not sure exactly where the <code>Shr</code> is coming from in this case</p>



<a name="148774168"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774168" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774168">(Nov 29 2018 at 09:08)</a>:</h4>
<p>it might have been more like</p>
<div class="codehilite"><pre><span></span>let x: &amp;mut T = ...;
let xraw = x as *mut _;
let y = &amp;mut *xraw;
let z = &amp;*y;
let bad = &amp;mut *(z as *const _); // okay because this raw ptr can match the item pushed for xraw
</pre></div>



<a name="148774186"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774186" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774186">(Nov 29 2018 at 09:09)</a>:</h4>
<p>adding a barrier anywhere between xraw and bad then detects this because you cannot use xraw any more when creating bad</p>



<a name="148774262"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774262" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774262">(Nov 29 2018 at 09:11)</a>:</h4>
<p>that seems wrong (not being able to use <code>xraw</code> after using <code>bad</code>).</p>



<a name="148774271"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774271" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774271">(Nov 29 2018 at 09:11)</a>:</h4>
<p>you mean <code>y</code>?</p>



<a name="148774280"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774280" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774280">(Nov 29 2018 at 09:11)</a>:</h4>
<p>I thought that broadcastness remained until you used an "old" raw pointer</p>



<a name="148774328"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774328" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774328">(Nov 29 2018 at 09:12)</a>:</h4>
<p>or reference</p>



<a name="148774329"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774329" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774329">(Nov 29 2018 at 09:12)</a>:</h4>
<p>aka <code>x</code></p>



<a name="148774477"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774477" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774477">(Nov 29 2018 at 09:16)</a>:</h4>
<blockquote>
<p>that seems wrong (not being able to use <code>xraw</code> after using <code>bad</code>).</p>
</blockquote>
<p>I said no such thing?</p>



<a name="148774482"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774482" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774482">(Nov 29 2018 at 09:16)</a>:</h4>
<p>Creating <code>bad</code> will make the <code>Shr</code> item pushed for <code>xraw</code> top-of-stack</p>



<a name="148774488"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774488" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774488">(Nov 29 2018 at 09:16)</a>:</h4>
<p>so now you can use both <code>bad</code> and <code>xraw</code> interchangably: two raw pointers with the same tag, pointing to a location whose top-of-stack is <code>Shr</code></p>



<a name="148774506"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774506" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774506">(Nov 29 2018 at 09:17)</a>:</h4>
<p>the barrier makes it so that <code>bad</code> cannot be <em>created</em>, because the item it needs (<code>Shr</code>) is behind a barrier</p>



<a name="148774583"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774583" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774583">(Nov 29 2018 at 09:19)</a>:</h4>
<p>that would be code like</p>
<div class="codehilite"><pre><span></span><span class="kd">let</span><span class="w"> </span><span class="n">x</span>: <span class="kp">&amp;</span><span class="nc">mut</span><span class="w"> </span><span class="n">T</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">...;</span><span class="w"></span>
<span class="kd">let</span><span class="w"> </span><span class="n">xraw</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">x</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">mut</span><span class="w"> </span><span class="n">_</span><span class="p">;</span><span class="w"></span>
<span class="n">foo</span><span class="p">(</span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="o">*</span><span class="n">xraw</span><span class="p">);</span><span class="w"></span>

<span class="k">fn</span> <span class="nf">foo</span><span class="p">(</span><span class="n">y</span>: <span class="kp">&amp;</span><span class="nc">mut</span><span class="w"> </span><span class="kt">i32</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="c1">// here we add a barrier to the stack, making sure y cannot be popped off</span>
<span class="kd">let</span><span class="w"> </span><span class="n">z</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;*</span><span class="n">y</span><span class="p">;</span><span class="w"></span>
<span class="kd">let</span><span class="w"> </span><span class="n">bad</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="o">*</span><span class="p">(</span><span class="n">z</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">const</span><span class="w"> </span><span class="n">_</span><span class="p">);</span><span class="w"> </span><span class="c1">// NOT okay because this would pop y off the stack,</span>
<span class="c1">// which is prevent by a barrier</span>
<span class="p">}</span><span class="w"></span>
</pre></div>



<a name="148774966"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148774966" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148774966">(Nov 29 2018 at 09:28)</a>:</h4>
<p>ok I just misread you</p>



<a name="148852995"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148852995" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148852995">(Nov 30 2018 at 10:18)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> is this the result of asking your coauthor who's good at creating miscompiles? :D <a href="https://bugs.llvm.org/show_bug.cgi?id=39846" target="_blank" title="https://bugs.llvm.org/show_bug.cgi?id=39846">https://bugs.llvm.org/show_bug.cgi?id=39846</a></p>



<a name="148853378"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148853378" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148853378">(Nov 30 2018 at 10:27)</a>:</h4>
<p>it is^^ (not the coauthor I expected, but I sent this to all of them)</p>



<a name="148853467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148853467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148853467">(Nov 30 2018 at 10:29)</a>:</h4>
<p>I'm actually rather surprised by this particular miscompile, I expected them to be different, but I won't be picky^^. Anything that demonstrates that LLVM's noalias handling is inconsistent is helpful towards figuring out a consistent story.</p>



<a name="148853522"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148853522" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148853522">(Nov 30 2018 at 10:30)</a>:</h4>
<p><span class="user-mention" data-user-id="126804">@Ariel Ben-Yehuda</span> <span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span>  you might also be interested in this example, see the link a few messages up</p>



<a name="148864043"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148864043" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148864043">(Nov 30 2018 at 14:24)</a>:</h4>
<p>One another solution would be to track derivation "precisely" in the spec, but to have LLVM treat inttoptr as a broadcast.</p>



<a name="148864066"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148864066" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148864066">(Nov 30 2018 at 14:25)</a>:</h4>
<p>which would make GVN not a legal endo-optimization on Rust code, but maintain it as an endo-optimization on LLVM IR</p>



<a name="148864077"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148864077" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148864077">(Nov 30 2018 at 14:25)</a>:</h4>
<p>*ptrtoint is broadcast, not inttoptr</p>



<a name="148864172"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148864172" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148864172">(Nov 30 2018 at 14:27)</a>:</h4>
<p>so this would keep the spec clean, but (I think) enable all the optimizations we want in practice</p>



<a name="148864188"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148864188" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148864188">(Nov 30 2018 at 14:27)</a>:</h4>
<p>other than pointers being passed to foreign functions being treated as escaping. But that's a must given <code>as_ptr</code> I think</p>



<a name="148865032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865032">(Nov 30 2018 at 14:40)</a>:</h4>
<p>we need to make sure that <code>*(ptr as *const usize) = *(ptr as *const usize);</code> "breaks derived" while having memcpy work</p>



<a name="148865058"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865058" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865058">(Nov 30 2018 at 14:40)</a>:</h4>
<p>as in, keep derived, preferably without broadcast</p>



<a name="148865068"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865068" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865068">(Nov 30 2018 at 14:40)</a>:</h4>
<p>moving memcpy to use a "databyte" type that is GVN-less instead of u8 would work</p>



<a name="148865449"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865449" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865449">(Nov 30 2018 at 14:47)</a>:</h4>
<p>so in the MIR you can't even optimize <code>x*0</code> [if we really wanted, we could add <code>broadcast</code> to MIR and optimize <code>x*0</code> to <code>{ broadcast(x); 0 }</code>]</p>



<a name="148865463"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865463" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865463">(Nov 30 2018 at 14:47)</a>:</h4>
<p>and we can even lower the likes if <code>inttoptr(ptrtoint(x) | 1)</code> in a way that doesn't broadcast anything</p>



<a name="148865520"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865520" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865520">(Nov 30 2018 at 14:48)</a>:</h4>
<p>we'll need a <code>set_tag</code> intrinsic that doesn't allow intermediate GVN, but that will work</p>



<a name="148865748"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865748" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865748">(Nov 30 2018 at 14:52)</a>:</h4>
<p>and add "Torvalds' delight" where in the MIR, <code>(x &amp; 0xff)</code> is not derived from <code>x</code> but <code>x &amp; 0xffffff00</code> is</p>



<a name="148865857"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148865857" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148865857">(Nov 30 2018 at 14:54)</a>:</h4>
<p>integer optimizations on MIR require adding broadcasts to random places, let LIR handle them</p>



<a name="148866513"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148866513" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148866513">(Nov 30 2018 at 15:05)</a>:</h4>
<p>I really dislike provenance on integers. I think <code>u32</code> should exactly model <code>Z_[2^32]</code>, i.e., integers modulo 2^32, not the product of that and some magic metadata. We shouldn't make people's reasoning about code harder than it already is.</p>



<a name="148866607"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148866607" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148866607">(Nov 30 2018 at 15:06)</a>:</h4>
<p>that's basically externalizing the cost and letting our users pay the price</p>



<a name="148868471"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868471" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868471">(Nov 30 2018 at 15:34)</a>:</h4>
<p>our integers don't model the modulo field tho</p>



<a name="148868496"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868496" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868496">(Nov 30 2018 at 15:34)</a>:</h4>
<p>also, why is that making code harder to reason about?</p>



<a name="148868632"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868632" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868632">(Nov 30 2018 at 15:36)</a>:</h4>
<p>because it is extra state that has to be considered during verification? it means all sorts of equations that hold trivially for integers need to be carefully verified for these "strange integers". likely, they are not even associative and/or commutative. it might even make the set of possible values infinite depending on what exactly provenance looks like.</p>



<a name="148868656"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868656" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868656">(Nov 30 2018 at 15:36)</a>:</h4>
<p>it means that just because I know that some integer is 0, I <em>still</em> cannot fully describe its behavior. How is that not a huge burden for verification?</p>



<a name="148868719"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868719" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868719">(Nov 30 2018 at 15:37)</a>:</h4>
<p>you said users</p>



<a name="148868785"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868785" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868785">(Nov 30 2018 at 15:38)</a>:</h4>
<p>I don't think it's a burden for users</p>



<a name="148868926"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148868926" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148868926">(Nov 30 2018 at 15:40)</a>:</h4>
<p>also, remember that these are simply checks on functions - if someone has a complex enough function that it's impossible to model the provenance of integer values (noting that the provenance of integer values is usually nil), I don't really mind that they don't get UB checking</p>



<a name="148869139"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148869139" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148869139">(Nov 30 2018 at 15:44)</a>:</h4>
<p>if you have an integer value that has provenance for more than 20 objects, what are you doing with your life</p>



<a name="148869836"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148869836" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148869836">(Nov 30 2018 at 15:54)</a>:</h4>
<p>probably hashing a vector of raw pointers</p>



<a name="148876529"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876529" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876529">(Nov 30 2018 at 17:45)</a>:</h4>
<p>I mean, here provenance can "leak" through booleans</p>



<a name="148876535"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876535" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876535">(Nov 30 2018 at 17:45)</a>:</h4>
<p>and other small integers</p>



<a name="148876543"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876543" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876543">(Nov 30 2018 at 17:46)</a>:</h4>
<p>I mean yeah.</p>



<a name="148876589"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876589" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876589">(Nov 30 2018 at 17:46)</a>:</h4>
<p>so you could mix a "real" raw pointer with a lots of "booleans"</p>



<a name="148876596"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876596" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876596">(Nov 30 2018 at 17:46)</a>:</h4>
<p>and have a value with 30 provenances, only one of them matters</p>



<a name="148876609"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876609" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876609">(Nov 30 2018 at 17:46)</a>:</h4>
<p>yeah</p>



<a name="148876624"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876624" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876624">(Nov 30 2018 at 17:46)</a>:</h4>
<p>if the problem is automated verifications, maybe have annotations for that?</p>



<a name="148876636"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876636" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876636">(Nov 30 2018 at 17:47)</a>:</h4>
<p>intrinsics::fix_provenance(ptr, orig)</p>



<a name="148876644"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876644" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876644">(Nov 30 2018 at 17:47)</a>:</h4>
<p>which prevents <code>ptr</code> from gaining provenances beyond <code>orig</code>?</p>



<a name="148876656"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876656" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876656">(Nov 30 2018 at 17:47)</a>:</h4>
<p>(and checks that <code>ptr</code> has <code>orig</code> as a provenance)</p>



<a name="148876723"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876723" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876723">(Nov 30 2018 at 17:48)</a>:</h4>
<p>and have the verifier otherwise complain if you dereference a raw pointer with too many provenances</p>



<a name="148876826"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876826" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876826">(Nov 30 2018 at 17:50)</a>:</h4>
<p>the intrinsic doesn't even need to have language semantics, just verifier semantics</p>



<a name="148876952"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876952" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876952">(Nov 30 2018 at 17:52)</a>:</h4>
<p>otoh, this has the problem of preventing a "mindless" verification</p>



<a name="148876968"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148876968" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148876968">(Nov 30 2018 at 17:53)</a>:</h4>
<p>you couldn't run MIRI on an unmodified program that makes a mess with ints &amp; ptrs</p>



<a name="148877055"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877055" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877055">(Nov 30 2018 at 17:54)</a>:</h4>
<p>otoh, twin allocation is SO MUCH worse when it comes to soundness</p>



<a name="148877273"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877273" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877273">(Nov 30 2018 at 17:58)</a>:</h4>
<p>*when it comes to having a easy-to-compute, mindless way of determining whether a program execution is defined</p>



<a name="148877428"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877428" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877428">(Nov 30 2018 at 18:00)</a>:</h4>
<p>I mean, even if we define it so that disassembling a pointer into bits and reassembling it doesn't give you a usable pointer</p>



<a name="148877430"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877430" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877430">(Nov 30 2018 at 18:01)</a>:</h4>
<p>I don't think anyone would care</p>



<a name="148877460"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877460" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877460">(Nov 30 2018 at 18:01)</a>:</h4>
<p>actually, I'm not that sure about ^</p>



<a name="148877531"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877531" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877531">(Nov 30 2018 at 18:02)</a>:</h4>
<p>So I think the problem that would result here is that SOMEONE will deflate and inflate their RAM, and then complain that that breaks the verifier</p>



<a name="148877567"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877567" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877567">(Nov 30 2018 at 18:03)</a>:</h4>
<p>to which I'll answer "if you do these crazy things, please do <code>broadcast</code> on the RAM that you deflate and inflate and then everyone will be happy"</p>



<a name="148877834"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877834" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877834">(Nov 30 2018 at 18:08)</a>:</h4>
<p>OTOH, "deflating an inflating RAM" is a good way provenance can be really "lost", if you don't broadcast</p>



<a name="148877850"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877850" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877850">(Nov 30 2018 at 18:08)</a>:</h4>
<p>(because it might all use array indexes in the middle, which destroy provenance)</p>



<a name="148877915"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877915" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877915">(Nov 30 2018 at 18:09)</a>:</h4>
<p>and the compiler might even theoretically notice <em>that</em></p>



<a name="148877997"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148877997" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148877997">(Nov 30 2018 at 18:11)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> how bad do you think is forcing anyone who does these kinds of mixing-up to do a broadcast on all the bytes?</p>



<a name="148878078"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148878078" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148878078">(Nov 30 2018 at 18:12)</a>:</h4>
<p>OTOH, I believe that the "deflating RAM" might do their sins with <em>references</em>, and not <em>raw pointers</em></p>



<a name="148878085"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148878085" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148878085">(Nov 30 2018 at 18:12)</a>:</h4>
<p>in which case that'll be UB even with Stacked Borrows</p>



<a name="148878137"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148878137" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148878137">(Nov 30 2018 at 18:13)</a>:</h4>
<p>take a bunch of RAM, deflate it, write that over a socket, read on the other end, unpack it</p>



<a name="148878142"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148878142" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148878142">(Nov 30 2018 at 18:13)</a>:</h4>
<p>inflate it back, use it</p>



<a name="148884893"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148884893" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148884893">(Nov 30 2018 at 19:56)</a>:</h4>
<p><span class="user-mention" data-user-id="126804">@Ariel Ben-Yehuda</span> I doubt it's that big of a deal, for most things.</p>



<a name="148885357"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885357" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885357">(Nov 30 2018 at 20:03)</a>:</h4>
<p>although on the other hand, broadcast semantics also make sense</p>



<a name="148885403"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885403" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885403">(Nov 30 2018 at 20:04)</a>:</h4>
<p>we'd just need to make sure LLVM wasn't miscompiling us</p>



<a name="148885427"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885427" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885427">(Nov 30 2018 at 20:04)</a>:</h4>
<p>users also want to at least informally reason about their code</p>



<a name="148885438"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885438" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885438">(Nov 30 2018 at 20:04)</a>:</h4>
<p>the closer we can make the real model to what they are going to assume anyway, the better</p>



<a name="148885465"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885465" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885465">(Nov 30 2018 at 20:05)</a>:</h4>
<p>every diversion from that should be very well-justified. I dont think integer provenance is even remotely justified enough, <em>in particular</em> if not even LLVM has it.</p>



<a name="148885692"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885692" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885692">(Nov 30 2018 at 20:09)</a>:</h4>
<div class="codehilite"><pre><span></span><span class="kt">int</span> <span class="nf">foo</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="kr">restrict</span> <span class="n">x</span><span class="p">,</span> <span class="kt">int</span> <span class="o">*</span><span class="kr">restrict</span> <span class="n">y</span><span class="p">)</span> <span class="p">{</span>
  <span class="o">*</span><span class="n">y</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>

  <span class="kt">intptr_t</span> <span class="n">x_addr</span> <span class="o">=</span> <span class="p">(</span><span class="kt">intptr_t</span><span class="p">)</span><span class="n">x</span><span class="p">;</span>
  <span class="kt">intptr_t</span> <span class="n">y_addr</span> <span class="o">=</span> <span class="p">(</span><span class="kt">intptr_t</span><span class="p">)</span><span class="n">y</span><span class="p">;</span>

  <span class="o">*</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="p">)</span><span class="n">x_addr</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span>
  <span class="k">return</span> <span class="o">*</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="p">)</span><span class="n">y_addr</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>


<p>converting this to</p>
<div class="codehilite"><pre><span></span><span class="kt">int</span> <span class="nf">foo</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="kr">restrict</span> <span class="n">x</span><span class="p">,</span> <span class="kt">int</span> <span class="o">*</span><span class="kr">restrict</span> <span class="n">y</span><span class="p">)</span> <span class="p">{</span>
  <span class="o">*</span><span class="n">y</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
  <span class="o">*</span><span class="n">x</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span>
  <span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>


<p>I believe requires integer provenance.</p>



<a name="148885918"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148885918" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148885918">(Nov 30 2018 at 20:13)</a>:</h4>
<p>it does. which is why I think this transformation should not be allowed.</p>



<a name="148886001"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886001" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886001">(Nov 30 2018 at 20:14)</a>:</h4>
<blockquote>
<p>users also want to at least informally reason about their code</p>
</blockquote>
<p>I think that users informally reason about integer provenance</p>



<a name="148886016"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886016" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886016">(Nov 30 2018 at 20:14)</a>:</h4>
<p>pretty well</p>



<a name="148886047"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886047" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886047">(Nov 30 2018 at 20:15)</a>:</h4>
<p>and the main problem with it is that it annoys optimizer &amp; verification tool writers</p>



<a name="148886098"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886098" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886098">(Nov 30 2018 at 20:15)</a>:</h4>
<p>(or at least, I don't expect users to distinguish much between integer provenance, raw pointer provenance, and reference provenance)</p>



<a name="148886166"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886166" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886166">(Nov 30 2018 at 20:16)</a>:</h4>
<p>I agree</p>



<a name="148886176"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886176" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886176">(Nov 30 2018 at 20:16)</a>:</h4>
<p>the only case where there might be confusion is the "deflating &amp; inflating RAM" case</p>



<a name="148886192"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886192" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886192">(Nov 30 2018 at 20:16)</a>:</h4>
<p>Also, if you want these semantics to be true for Rust, you'll need to fix LLVM <span class="user-mention" data-user-id="120791">@RalfJ</span></p>



<a name="148886212"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886212" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886212">(Nov 30 2018 at 20:17)</a>:</h4>
<p>see <a href="https://gcc.godbolt.org/z/2rwaFe" target="_blank" title="https://gcc.godbolt.org/z/2rwaFe">https://gcc.godbolt.org/z/2rwaFe</a></p>



<a name="148886222"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886222" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886222">(Nov 30 2018 at 20:17)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> we'll need to fix LLVM anyway: <a href="https://bugs.llvm.org/show_bug.cgi?id=39846" target="_blank" title="https://bugs.llvm.org/show_bug.cgi?id=39846">https://bugs.llvm.org/show_bug.cgi?id=39846</a></p>



<a name="148886249"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886249" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886249">(Nov 30 2018 at 20:17)</a>:</h4>
<p>sure</p>



<a name="148886251"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886251" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886251">(Nov 30 2018 at 20:17)</a>:</h4>
<p>right now, given that LLVM is not self-consistent, I do not think it is a useful basis for discussion</p>



<a name="148886267"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886267" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886267">(Nov 30 2018 at 20:17)</a>:</h4>
<p>but there are different levels of "fixing"</p>



<a name="148886314"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886314" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886314">(Nov 30 2018 at 20:18)</a>:</h4>
<p>and I think that adding annotations to RAM inflate/deflate is not such a high cost</p>



<a name="148886325"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886325" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886325">(Nov 30 2018 at 20:18)</a>:</h4>
<p>and I very much doubt that LLVM would be willing to give up optimizations like this</p>



<a name="148886326"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886326" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886326">(Nov 30 2018 at 20:18)</a>:</h4>
<p>well, LLVM does GVN on integer equality. and it is my understanding that they strongly desire to keep it.</p>



<a name="148886372"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886372" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886372">(Nov 30 2018 at 20:19)</a>:</h4>
<p>so when LLVM is self-consistent, I assume it'll still do this GVN and we have a model that can do noalias without integer provenance. or maybe it will have integer provenance and give up on GVN, and that may persuade me to do the same.<br>
EDIT: or maybe we'll have found a way to have both, that'd be even better!</p>



<a name="148886459"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886459" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886459">(Nov 30 2018 at 20:20)</a>:</h4>
<blockquote>
<blockquote>
<p>users also want to at least informally reason about their code</p>
</blockquote>
<p>I think that users informally reason about integer provenance</p>
</blockquote>
<p>my experience is that users are already surprised by pointers not being "just integers" and having some kind of provenance. if not even integers are "just (mathematical) integers", I think this will get worse.</p>



<a name="148886503"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886503" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886503">(Nov 30 2018 at 20:21)</a>:</h4>
<p>it is very unnatural to write code that can observe that integers are not "just (mathematical) integers"</p>



<a name="148886560"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886560" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886560">(Nov 30 2018 at 20:22)</a>:</h4>
<p>pretty much any code casting between ints and ptrs would be such code</p>



<a name="148886603"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886603" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886603">(Nov 30 2018 at 20:23)</a>:</h4>
<p>I was originally worried that e.g. crypto code would be affected, but likely provenance would not affect integer arithmetic so one can work on equivalence classes of values quotiented by "the integer part is the same"</p>



<a name="148886627"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886627" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886627">(Nov 30 2018 at 20:23)</a>:</h4>
<p>that would require one thing though: integer comparison is deterministic and ignores provenance</p>



<a name="148886639"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886639" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886639">(Nov 30 2018 at 20:23)</a>:</h4>
<p>(this is not the case for ptr comparison)</p>



<a name="148886706"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886706" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886706">(Nov 30 2018 at 20:24)</a>:</h4>
<blockquote>
<p>that would require one thing though: integer comparison is deterministic and ignores provenance</p>
</blockquote>
<p>Sounds like a good idea. I personally prefer to also define ptr comparison as integer comparison.</p>



<a name="148886713"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886713" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886713">(Nov 30 2018 at 20:24)</a>:</h4>
<p>have fun convincing LLVM of that :P</p>



<a name="148886720"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886720" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886720">(Nov 30 2018 at 20:24)</a>:</h4>
<p>we can do it in Rust :-)</p>



<a name="148886723"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886723" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886723">(Nov 30 2018 at 20:24)</a>:</h4>
<p>by emitting ptrtoint</p>



<a name="148886731"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886731" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886731">(Nov 30 2018 at 20:24)</a>:</h4>
<p>C actually says that in the standard, and LLVM still doesn't care</p>



<a name="148886747"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886747" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886747">(Nov 30 2018 at 20:25)</a>:</h4>
<p>true, we can. it'd make me sleep better. but I think some people wouldn't like it as it'll likely cost some perf...</p>



<a name="148886753"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886753" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886753">(Nov 30 2018 at 20:25)</a>:</h4>
<p>we wouldn't want to do it if ptrtoint has broadcast semantics</p>



<a name="148886828"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886828" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886828">(Nov 30 2018 at 20:26)</a>:</h4>
<p>yeah and that</p>



<a name="148886829"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886829" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886829">(Nov 30 2018 at 20:26)</a>:</h4>
<p>one thing to note: the C standard gives integers provenance</p>



<a name="148886839"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886839" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886839">(Nov 30 2018 at 20:26)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> source? I've not seen that</p>



<a name="148886852"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886852" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886852">(Nov 30 2018 at 20:26)</a>:</h4>
<p>the C17 standard, page 89, 6.7.3.1.3</p>



<a name="148886855"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886855" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886855">(Nov 30 2018 at 20:26)</a>:</h4>
<p><a href="http://www.open-std.org/jtc1/sc22/wg14/www/abq/c17_updated_proposed_fdis.pdf" target="_blank" title="http://www.open-std.org/jtc1/sc22/wg14/www/abq/c17_updated_proposed_fdis.pdf">http://www.open-std.org/jtc1/sc22/wg14/www/abq/c17_updated_proposed_fdis.pdf</a></p>



<a name="148886869"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886869" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886869">(Nov 30 2018 at 20:27)</a>:</h4>
<p>(technically it's the draft standard but <span class="emoji emoji-1f937" title="shrug">:shrug:</span>)</p>



<a name="148886872"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886872" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886872">(Nov 30 2018 at 20:27)</a>:</h4>
<p>I keep looking for a good HTML version of the standard...</p>



<a name="148886944"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886944" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886944">(Nov 30 2018 at 20:28)</a>:</h4>
<p>actually, for iterators to work, pointer comparison between pointers with the same provenance must not be a broadcast</p>



<a name="148886982"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886982" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886982">(Nov 30 2018 at 20:28)</a>:</h4>
<p>In what follows, a pointer expression <code>E</code> is said to be based on object <code>P</code> if (at some sequence point in the execution of <code>B</code> [the block which <code>P</code> is declared to be for] prior to the evaluation of <code>E</code>) modifying <code>P</code> to point to a copy of the array object into which it formerly pointed would change the value of <code>E</code>. Note that “based” is defined only for expressions with pointer types.</p>



<a name="148886984"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148886984" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148886984">(Nov 30 2018 at 20:28)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> oh, that sentence. yeah it's also in older standards. it's about pointers though, and their definition is basically information flow control which is... not even a trace-based property.</p>



<a name="148887002"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887002" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887002">(Nov 30 2018 at 20:29)</a>:</h4>
<p>like, that mandates that <code>x - x</code> kills all provenance</p>



<a name="148887013"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887013" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887013">(Nov 30 2018 at 20:29)</a>:</h4>
<p>true</p>



<a name="148887014"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887014" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887014">(Nov 30 2018 at 20:29)</a>:</h4>
<p>It is not in general even <em>defined</em> when looking only at a single trace</p>



<a name="148887020"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887020" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887020">(Nov 30 2018 at 20:29)</a>:</h4>
<p>(aka, it's a hyperproperty)</p>



<a name="148887079"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887079" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887079">(Nov 30 2018 at 20:30)</a>:</h4>
<p>I think broadcast semantics are likely the only reasonable semantics, looking at it</p>



<a name="148887085"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887085" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887085">(Nov 30 2018 at 20:30)</a>:</h4>
<p>although we'd need a way to tell LLVM "broadcast this pointer value"</p>



<a name="148887090"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887090" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887090">(Nov 30 2018 at 20:30)</a>:</h4>
<p>so, that's not just giving integers provenance. that's killing trace-based reasoning. I don't intend to abandon trace-based reasoning for Rust^^</p>



<a name="148887100"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887100" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887100">(Nov 30 2018 at 20:30)</a>:</h4>
<p>broadcast @ ptr-&gt;int cast?</p>



<a name="148887102"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887102" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887102">(Nov 30 2018 at 20:30)</a>:</h4>
<p>because we don't in general want ptrtoint to broadcast</p>



<a name="148887113"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887113" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887113">(Nov 30 2018 at 20:31)</a>:</h4>
<p>@ Rust ptr-&gt;int cast ?</p>



<a name="148887129"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887129" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887129">(Nov 30 2018 at 20:31)</a>:</h4>
<p>yeah its very useful to keep ptrtoint side-effect free. reorderdable, can be DCO'd, and so on</p>



<a name="148887132"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887132" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887132">(Nov 30 2018 at 20:31)</a>:</h4>
<p>the issue I see is with function calls</p>



<a name="148887142"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887142" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887142">(Nov 30 2018 at 20:31)</a>:</h4>
<blockquote>
<p>yeah its very useful to keep ptrtoint side-effect free. reorderdable, can be DCO'd, and so on</p>
</blockquote>
<p>is it?</p>



<a name="148887190"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887190" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887190">(Nov 30 2018 at 20:32)</a>:</h4>
<p>did you measure/know why?</p>



<a name="148887192"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887192" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887192">(Nov 30 2018 at 20:32)</a>:</h4>
<p>I dont think I have numbers, no</p>



<a name="148887202"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887202" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887202">(Nov 30 2018 at 20:32)</a>:</h4>
<p>but if ptrtoint broadcasts, LLVM has to stop reordering it freely and treat it specially</p>



<a name="148887205"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887205" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887205">(Nov 30 2018 at 20:32)</a>:</h4>
<p>that seems hard</p>



<a name="148887211"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887211" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887211">(Nov 30 2018 at 20:32)</a>:</h4>
<p>i.e., <code>&lt;&amp;T as Pointer&gt;::fmt(&amp;p)</code> should broadcast, but <code>&lt;i32 as Display&gt;::fmt(p)</code> should not</p>



<a name="148887212"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887212" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887212">(Nov 30 2018 at 20:32)</a>:</h4>
<p>or we could emit an intrinsic instead</p>



<a name="148887217"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887217" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887217">(Nov 30 2018 at 20:32)</a>:</h4>
<p>and there is no good reason to marry the type-conversion and the side-effecting broadcast into one operation</p>



<a name="148887220"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887220" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887220">(Nov 30 2018 at 20:32)</a>:</h4>
<p>I suspect that even emitting a call to an external function won't kill performance</p>



<a name="148887227"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887227" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887227">(Nov 30 2018 at 20:33)</a>:</h4>
<p>but it does mean that every unknown call that accepts an <code>&amp;T</code> now broadcasts</p>



<a name="148887243"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887243" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887243">(Nov 30 2018 at 20:33)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> yeah taht's exactly the <code>mem::replace</code> problem</p>



<a name="148887246"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887246" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887246">(Nov 30 2018 at 20:33)</a>:</h4>
<p>(it might be useful to have a <code>nobroadcast</code> type for parameters)</p>



<a name="148887247"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887247" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887247">(Nov 30 2018 at 20:33)</a>:</h4>
<p>"it uses raw ptr internally so it broadcasted"</p>



<a name="148887252"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887252" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887252">(Nov 30 2018 at 20:33)</a>:</h4>
<p>now we may avoid this with raw</p>



<a name="148887254"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887254" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887254">(Nov 30 2018 at 20:33)</a>:</h4>
<p>but with int...</p>



<a name="148887264"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887264" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887264">(Nov 30 2018 at 20:33)</a>:</h4>
<p>and then if a function casts a pointer to an int, it has broadcasted</p>



<a name="148887308"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887308" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887308">(Nov 30 2018 at 20:34)</a>:</h4>
<p>(we'll be able to eliminate most of these, I think, in MIR)</p>



<a name="148887309"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887309" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887309">(Nov 30 2018 at 20:34)</a>:</h4>
<p>shame that that's a safe operation</p>



<a name="148887315"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887315" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887315">(Nov 30 2018 at 20:34)</a>:</h4>
<p>casting a pointer to an int needs to be a safe op</p>



<a name="148887318"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887318" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887318">(Nov 30 2018 at 20:34)</a>:</h4>
<p>because <code>HashMap&lt;*const (), VAL&gt;</code></p>



<a name="148887321"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887321" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887321">(Nov 30 2018 at 20:34)</a>:</h4>
<p>must exist</p>



<a name="148887323"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887323" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887323">(Nov 30 2018 at 20:34)</a>:</h4>
<p>is that so common?</p>



<a name="148887335"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887335" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887335">(Nov 30 2018 at 20:35)</a>:</h4>
<p>yea</p>



<a name="148887351"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887351" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887351">(Nov 30 2018 at 20:35)</a>:</h4>
<p>that HashMap is probably not even correct in C++. at least not if you compare ptrs at ptr type</p>



<a name="148887354"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887354" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887354">(Nov 30 2018 at 20:35)</a>:</h4>
<p>because ptrs with the same address but different provenance may compare inequal</p>



<a name="148887356"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887356" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887356">(Nov 30 2018 at 20:35)</a>:</h4>
<p>hashing pointers converts them to integers IIRC</p>



<a name="148887404"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887404" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887404">(Nov 30 2018 at 20:36)</a>:</h4>
<p>that seems like it should be invalid?</p>



<a name="148887406"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887406" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887406">(Nov 30 2018 at 20:36)</a>:</h4>
<p>it does</p>



<a name="148887407"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887407" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887407">(Nov 30 2018 at 20:36)</a>:</h4>
<p>right but HashMaps also do <code>==</code> on the keys because collisions</p>



<a name="148887431"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887431" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887431">(Nov 30 2018 at 20:36)</a>:</h4>
<p>why would you be comparing == pointers with different provenances?</p>



<a name="148887433"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887433" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887433">(Nov 30 2018 at 20:36)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> there's no good HTML C standard; do you have the C++ standard?</p>



<a name="148887436"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887436" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887436">(Nov 30 2018 at 20:36)</a>:</h4>
<p>HashMap already deals with erratic PartialEq, from a safety perspective</p>



<a name="148887449"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887449" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887449">(Nov 30 2018 at 20:37)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> I got <a href="https://timsong-cpp.github.io/cppwp/n4140/" target="_blank" title="https://timsong-cpp.github.io/cppwp/n4140/">https://timsong-cpp.github.io/cppwp/n4140/</a></p>



<a name="148887460"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887460" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887460">(Nov 30 2018 at 20:37)</a>:</h4>
<p>ah, that one also works, yeah</p>



<a name="148887461"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887461" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887461">(Nov 30 2018 at 20:37)</a>:</h4>
<blockquote>
<p>HashMap already deals with erratic PartialEq, from a safety perspective</p>
</blockquote>
<p>true but then it violates its functional properties</p>



<a name="148887467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887467">(Nov 30 2018 at 20:37)</a>:</h4>
<p>so the consequence is that you might get "safe erratic" behavior if you leave GCed keys in your hashmap</p>



<a name="148887471"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887471" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887471">(Nov 30 2018 at 20:37)</a>:</h4>
<p>the C standard people are more friendly to ISO rules about "not publishing their work online"</p>



<a name="148887472"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887472" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887472">(Nov 30 2018 at 20:37)</a>:</h4>
<p>I'm not sure that users intentionally do that</p>



<a name="148887474"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887474" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887474">(Nov 30 2018 at 20:37)</a>:</h4>
<blockquote>
<p>ah, that one also works, yeah</p>
</blockquote>
<p>you know another (better?) HTML version?</p>



<a name="148887488"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887488" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887488">(Nov 30 2018 at 20:37)</a>:</h4>
<p>no, they run the same code; <a href="http://eel.is/c++draft" target="_blank" title="http://eel.is/c++draft">eel.is/c++draft</a> is what we commonly use</p>



<a name="148887489"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887489" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887489">(Nov 30 2018 at 20:37)</a>:</h4>
<blockquote>
<p>the C standard people are more friendly to ISO rules about "not publishing their work online"</p>
</blockquote>
<p>I'd frame that as "less friendly to the public"^^</p>



<a name="148887541"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887541" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887541">(Nov 30 2018 at 20:38)</a>:</h4>
<p>not inaccurate</p>



<a name="148887558"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887558" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887558">(Nov 30 2018 at 20:38)</a>:</h4>
<p>side note, if we do get to the point where we release a standard, we should go with ECMA</p>



<a name="148887576"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887576" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887576">(Nov 30 2018 at 20:38)</a>:</h4>
<blockquote>
<p>no, they run the same code; <a href="http://eel.is/c++draft" target="_blank" title="http://eel.is/c++draft">eel.is/c++draft</a> is what we commonly use</p>
</blockquote>
<p>who is  "we" here? (just curious)</p>



<a name="148887619"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887619" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887619">(Nov 30 2018 at 20:39)</a>:</h4>
<blockquote>
<p>side note, if we do get to the point where we release a standard, we should go with ECMA</p>
</blockquote>
<p>my entirely uninformed opinion is to go with IETF. but whatever^^</p>



<a name="148887697"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887697" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887697">(Nov 30 2018 at 20:40)</a>:</h4>
<p>"people who work on C++"</p>



<a name="148887712"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887712" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887712">(Nov 30 2018 at 20:40)</a>:</h4>
<p>the IETF is not a standards organization, afaict</p>



<a name="148887727"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887727" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887727">(Nov 30 2018 at 20:41)</a>:</h4>
<p>well IETF does TCP/IP and similar. if these are not standards I dont know what is^^</p>



<a name="148887739"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887739" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887739">(Nov 30 2018 at 20:41)</a>:</h4>
<p>ECMA is a standards organization that encourages open standards, and has experience with languages</p>



<a name="148887758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887758">(Nov 30 2018 at 20:41)</a>:</h4>
<p>I don't care about whether governments consider these standards. practically speaking, IETF does standards. but yeah I dont think they do programming languages^^</p>



<a name="148887808"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887808" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887808">(Nov 30 2018 at 20:42)</a>:</h4>
<p>it's where C++ would move if the politics were to work out</p>



<a name="148887819"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887819" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887819">(Nov 30 2018 at 20:42)</a>:</h4>
<p>^^</p>



<a name="148887939"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887939" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887939">(Nov 30 2018 at 20:44)</a>:</h4>
<p>ECMA currently does Javascript, C#, Eiffel, and the CLI (C# backend)</p>



<a name="148887955"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887955" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887955">(Nov 30 2018 at 20:44)</a>:</h4>
<p>wow I had no idea they do C#</p>



<a name="148887960"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887960" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887960">(Nov 30 2018 at 20:44)</a>:</h4>
<p>also apparently Dart</p>



<a name="148887968"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148887968" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148887968">(Nov 30 2018 at 20:45)</a>:</h4>
<p><code>HashMap&lt;*const (), T&gt;</code> at least has the semantics where<br>
1. If you don't leave invalid elements in it, it acts as desired<br>
2. If you <em>do</em> leave invalid elements in it, it doesn't UB but can have erratic semantics</p>



<a name="148888008"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888008" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888008">(Nov 30 2018 at 20:45)</a>:</h4>
<p><span class="user-mention" data-user-id="126804">@Ariel Ben-Yehuda</span> that is the intention, yes. unfortunately I dont know how to give a proper account to ptr equality that is deterministic, and LLVM assumes it to be deterministic.</p>



<a name="148888051"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888051" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888051">(Nov 30 2018 at 20:46)</a>:</h4>
<p>(non-determinism would break <code>HashMap</code> but breaks some LLVM optimizations)</p>



<a name="148888078"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888078" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888078">(Nov 30 2018 at 20:46)</a>:</h4>
<blockquote>
<p>(non-determinism would break <code>HashMap</code> but breaks some LLVM optimizations)</p>
</blockquote>
<p>If it is not "undef" non-determinism, then it is no worse than any other erratic PartialEq impl</p>



<a name="148888083"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888083" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888083">(Nov 30 2018 at 20:46)</a>:</h4>
<p><code>BTreeMap&lt;*const (), T&gt;</code> is a totally different story... I am pretty sure that's UB in C/C++ and have no idea how to make it work in LLVM^^</p>



<a name="148888088"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888088" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888088">(Nov 30 2018 at 20:46)</a>:</h4>
<p>you might get random panics, or not find your elements, but you won't get UB</p>



<a name="148888096"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888096" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888096">(Nov 30 2018 at 20:47)</a>:</h4>
<blockquote>
<p>If it is not "undef" non-determinism, then it is no worse than any other erratic PartialEq impl</p>
</blockquote>
<p>agreed.</p>



<a name="148888104"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888104" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888104">(Nov 30 2018 at 20:47)</a>:</h4>
<p>and if LLVM just returns undef, then that's <em>prima facia</em> unsafety.</p>



<a name="148888120"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888120" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888120">(Nov 30 2018 at 20:47)</a>:</h4>
<p>yeah if LLVM can make ptr comparison undef then we are in trouble^^</p>



<a name="148888127"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888127" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888127">(Nov 30 2018 at 20:47)</a>:</h4>
<p>I dont think they want to, though</p>



<a name="148888209"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888209" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888209">(Nov 30 2018 at 20:48)</a>:</h4>
<p>And doesn't <code>BTreeMap&lt;*const (), T&gt;</code> have the same semantics in Rust?</p>



<a name="148888218"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888218" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888218">(Nov 30 2018 at 20:48)</a>:</h4>
<p>it uses <code>&lt;</code> in pointers</p>



<a name="148888222"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888222" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888222">(Nov 30 2018 at 20:48)</a>:</h4>
<p>yea</p>



<a name="148888227"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888227" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888227">(Nov 30 2018 at 20:48)</a>:</h4>
<p>which should <em>work</em> when they are valid</p>



<a name="148888240"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888240" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888240">(Nov 30 2018 at 20:49)</a>:</h4>
<p>that's... uh. we make it UB/undef in our paper because we dont know how else to make the optimizations work^^</p>



<a name="148888245"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888245" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888245">(Nov 30 2018 at 20:49)</a>:</h4>
<p>and return an nondeterministic-but-not-<em>poison</em> value when they are not</p>



<a name="148888265"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888265" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888265">(Nov 30 2018 at 20:49)</a>:</h4>
<p>but TBH I dont think we spent much time on inequalities</p>



<a name="148888271"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888271" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888271">(Nov 30 2018 at 20:49)</a>:</h4>
<p>same comment about returning UB/undef being <em>prima facia</em> unsafety</p>



<a name="148888354"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888354" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888354">(Nov 30 2018 at 20:50)</a>:</h4>
<p>yes if it returns undef then it would be wrong to make it safe in Rust</p>



<a name="148888422"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888422" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888422">(Nov 30 2018 at 20:51)</a>:</h4>
<p>I <em>think</em> replacing all undef by "non-deterministic but valid boolean" wouldn't break anything in our model but I might well be wrong. I should probably ask.</p>



<a name="148888511"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888511" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888511">(Nov 30 2018 at 20:52)</a>:</h4>
<p>oh actually I misremembered. it is non-deterministic in our model, not undef or even UB</p>



<a name="148888515"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888515" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888515">(Nov 30 2018 at 20:52)</a>:</h4>
<p>so, good enough for erratic but safe <code>BTreeMap</code></p>



<a name="148888518"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888518" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888518">(Nov 30 2018 at 20:52)</a>:</h4>
<p>but not very satisfying</p>



<a name="148888529"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888529" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888529">(Nov 30 2018 at 20:53)</a>:</h4>
<p>so I think we concluded that the MIR translation to LLVM should use broadcast, probably on ptr-&gt;int casts</p>



<a name="148888541"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888541" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888541">(Nov 30 2018 at 20:53)</a>:</h4>
<p>and we are not sure whether MIR itself should be defined as broadcast or provenance-based tracking</p>



<a name="148888554"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888554" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888554">(Nov 30 2018 at 20:53)</a>:</h4>
<p>and that calling an <em>unknown</em> function is a broadcast because <code>as_ptr</code> exists</p>



<a name="148888558"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888558" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888558">(Nov 30 2018 at 20:53)</a>:</h4>
<p>that seems to be the rough idea currently</p>



<a name="148888596"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888596" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888596">(Nov 30 2018 at 20:54)</a>:</h4>
<p>I still dont know exactly what broadcast means for noalias</p>



<a name="148888609"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888609" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888609">(Nov 30 2018 at 20:54)</a>:</h4>
<p>it seems that unknown functions broadcasting might be a big problem for noalias? (on the LLVM side)</p>



<a name="148888628"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888628" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888628">(Nov 30 2018 at 20:54)</a>:</h4>
<p>depends on how much unknown functions you have</p>



<a name="148888642"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888642" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888642">(Nov 30 2018 at 20:55)</a>:</h4>
<p>and on how well LLVM can infer <code>nocapture</code></p>



<a name="148888650"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888650" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888650">(Nov 30 2018 at 20:55)</a>:</h4>
<p>and <code>nobroadcast</code> I guess^^</p>



<a name="148888653"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888653" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888653">(Nov 30 2018 at 20:55)</a>:</h4>
<p>it might also be useful to have a way to "scope" broadcast</p>



<a name="148888663"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888663" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888663">(Nov 30 2018 at 20:55)</a>:</h4>
<p><code>nocapture</code> implies <code>nobroadcast</code></p>



<a name="148888664"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888664" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888664">(Nov 30 2018 at 20:55)</a>:</h4>
<p>no idea what that means though^^</p>



<a name="148888678"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888678" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888678">(Nov 30 2018 at 20:55)</a>:</h4>
<p>sort of</p>



<a name="148888686"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888686" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888686">(Nov 30 2018 at 20:56)</a>:</h4>
<p><code>broadcast</code> is already scoped</p>



<a name="148888726"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888726" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888726">(Nov 30 2018 at 20:56)</a>:</h4>
<p>once you pop it off the stack, it is gone</p>



<a name="148888740"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888740" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888740">(Nov 30 2018 at 20:56)</a>:</h4>
<p>oh I wasn't aware there's still a stack. LLVM doesn't have the stacks, or do you think it does?</p>



<a name="148888768"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888768" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888768">(Nov 30 2018 at 20:57)</a>:</h4>
<p>I mean, from a Rust POV there's still the stack thing</p>



<a name="148888777"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888777" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888777">(Nov 30 2018 at 20:57)</a>:</h4>
<p>or the "cactus stack"</p>



<a name="148888780"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888780" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888780">(Nov 30 2018 at 20:57)</a>:</h4>
<p>true</p>



<a name="148888785"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888785" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888785">(Nov 30 2018 at 20:57)</a>:</h4>
<p>lol^^</p>



<a name="148888787"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888787" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888787">(Nov 30 2018 at 20:57)</a>:</h4>
<p>which still has the same pop-when-you-write</p>



<a name="148888789"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888789" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888789">(Nov 30 2018 at 20:57)</a>:</h4>
<p>(even reads may pop)</p>



<a name="148888797"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888797" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888797">(Nov 30 2018 at 20:57)</a>:</h4>
<p>yea, pop-when-you-access</p>



<a name="148888799"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888799" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888799">(Nov 30 2018 at 20:57)</a>:</h4>
<p>ack</p>



<a name="148888813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888813">(Nov 30 2018 at 20:57)</a>:</h4>
<p>I'm not sure whether LLVM has pop-when-you-access ATM</p>



<a name="148888836"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888836" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888836">(Nov 30 2018 at 20:58)</a>:</h4>
<p>that could be something worth adding</p>



<a name="148888869"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888869" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888869">(Nov 30 2018 at 20:58)</a>:</h4>
<p>true, braodcast is scoped in MIR by popping currently. but there is no way for a function to say "I am not like as_ptr", as in, "I may broadcast internally but not beyond this call"</p>



<a name="148888881"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888881" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888881">(Nov 30 2018 at 20:58)</a>:</h4>
<p>something like "auto-pop the stack <em>after</em> this function to be like it was right before"</p>



<a name="148888892"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888892" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888892">(Nov 30 2018 at 20:58)</a>:</h4>
<p>so one idea I had was to do auto-pops when you are in a function that doesn't contain an unsafe block</p>



<a name="148888896"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888896" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888896">(Nov 30 2018 at 20:59)</a>:</h4>
<p><code>mem::replace</code> would want that</p>



<a name="148888903"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888903" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888903">(Nov 30 2018 at 20:59)</a>:</h4>
<p>*to do them at the callee</p>



<a name="148888905"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888905" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888905">(Nov 30 2018 at 20:59)</a>:</h4>
<p>uuhh</p>



<a name="148888907"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888907" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888907">(Nov 30 2018 at 20:59)</a>:</h4>
<p>I... dont think I like that</p>



<a name="148888909"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888909" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888909">(Nov 30 2018 at 20:59)</a>:</h4>
<p><code>mem::replace</code> is <em>not</em> an unknown function</p>



<a name="148888919"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888919" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888919">(Nov 30 2018 at 20:59)</a>:</h4>
<p>LLVM will very quickly discover that it is <code>nocapture nobroadcast</code></p>



<a name="148888935"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888935" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888935">(Nov 30 2018 at 20:59)</a>:</h4>
<p>unless it does a broadcast by accident</p>



<a name="148888938"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888938" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888938">(Nov 30 2018 at 21:00)</a>:</h4>
<p>that's not enough on the MIR side though. it pushes a <code>Shr</code> and doesnt pop it</p>



<a name="148888999"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148888999" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148888999">(Nov 30 2018 at 21:00)</a>:</h4>
<p>so after calling it you are allowed to use raw ptrs to access</p>



<a name="148889014"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889014" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889014">(Nov 30 2018 at 21:00)</a>:</h4>
<p>well okay we said only for ints, but that's easily adapted</p>



<a name="148889020"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889020" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889020">(Nov 30 2018 at 21:00)</a>:</h4>
<blockquote>
<p>that's not enough on the MIR side though. it pushes a <code>Shr</code> and doesnt pop it</p>
</blockquote>
<p>umm that's why I wanted provenance for raw pointers</p>



<a name="148889026"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889026" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889026">(Nov 30 2018 at 21:00)</a>:</h4>
<p>imagine <code>mem::replace</code> would go through <code>usize</code></p>



<a name="148889037"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889037" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889037">(Nov 30 2018 at 21:00)</a>:</h4>
<p>yea, in that case it would be bad</p>



<a name="148889040"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889040" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889040">(Nov 30 2018 at 21:00)</a>:</h4>
<p>or something with tagged pointers</p>



<a name="148889042"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889042" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889042">(Nov 30 2018 at 21:00)</a>:</h4>
<p>or so</p>



<a name="148889060"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889060" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889060">(Nov 30 2018 at 21:01)</a>:</h4>
<p>I feel that's a bogeyman</p>



<a name="148889063"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889063" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889063">(Nov 30 2018 at 21:01)</a>:</h4>
<p>(the problems are the same no matter whether you make raw ptrs broadcast or just integers broadcast, so for now I made raw ptrs broadcast in Stacked Borrows for easier experimentation)</p>



<a name="148889128"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889128" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889128">(Nov 30 2018 at 21:02)</a>:</h4>
<p>we could add intrinsics for tags that don't broadcast</p>



<a name="148889130"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889130" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889130">(Nov 30 2018 at 21:02)</a>:</h4>
<p>if tags are improtant</p>



<a name="148889132"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889132" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889132">(Nov 30 2018 at 21:02)</a>:</h4>
<p>true</p>



<a name="148889141"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889141" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889141">(Nov 30 2018 at 21:02)</a>:</h4>
<p>and I expect more complicated uses to only occur in cases that are "definitely broadcast"</p>



<a name="148889147"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889147" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889147">(Nov 30 2018 at 21:02)</a>:</h4>
<p>*when the pointer is already "definitely broadcast"</p>



<a name="148889148"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889148" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889148">(Nov 30 2018 at 21:02)</a>:</h4>
<p>same as having an intrinsic for cast-to-int-then-icmp that doesnt broadcast. which we'd likely want for rust's ptr comparisons to make them definitely deterministic.</p>



<a name="148889163"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889163" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889163">(Nov 30 2018 at 21:03)</a>:</h4>
<p>@RalfJ I prefer the latter intrinsic to be PartialOrd::le</p>



<a name="148889355"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889355" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889355">(Nov 30 2018 at 21:06)</a>:</h4>
<p>seems we just have to convince LLVM to have such broadcasts then. should be easy. :P</p>



<a name="148889358"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889358" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889358">(Nov 30 2018 at 21:06)</a>:</h4>
<p>And work items:<br>
1. investigate &amp; measure the perf impact of making ptrtoint side-effectful<br>
2. investigate &amp; measure the perf impact of using deterministic pointer comparisons<br>
3. figure out how to add broadcast to LLVM</p>



<a name="148889380"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889380" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889380">(Nov 30 2018 at 21:07)</a>:</h4>
<p>some of this measuring will be hard because LLVM doesn't currently implement a consistent semantics</p>



<a name="148889385"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889385" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889385">(Nov 30 2018 at 21:07)</a>:</h4>
<p><em>in particular</em> around ptrtoint/inttoptr</p>



<a name="148889389"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889389" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889389">(Nov 30 2018 at 21:07)</a>:</h4>
<p>"4". figure out whether we want provenance-based or broadcast-based semantics for MIR, but that feels like too much of a bikeshed right now (keywords: deflate-and-inflate RAM, easiness for checking)</p>



<a name="148889444"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889444" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889444">(Nov 30 2018 at 21:08)</a>:</h4>
<p>@RalfJ that's why it's "investigate &amp; measure"</p>



<a name="148889450"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889450" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889450">(Nov 30 2018 at 21:08)</a>:</h4>
<p>;)</p>



<a name="148889467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889467">(Nov 30 2018 at 21:08)</a>:</h4>
<p>also 3a. or so, "investigate how to integrate raw ptr provenance with Stacked Borrows"</p>



<a name="148889510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ariel Ben-Yehuda <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889510">(Nov 30 2018 at 21:09)</a>:</h4>
<p>sure, cool</p>



<a name="148889743"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148889743" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148889743">(Nov 30 2018 at 21:12)</a>:</h4>
<p>it's not entirely trivial, the naive thing doesnt work... I forgot why though. I should find out and describe it to y'all^^</p>



<a name="148892036"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148892036" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148892036">(Nov 30 2018 at 21:50)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> C++ has those same semantics for &lt; (unspecified, nondeterministic, but not UB)</p>



<a name="148892053"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148892053" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148892053">(Nov 30 2018 at 21:51)</a>:</h4>
<p>and it uses <code>std::less</code> to compare pointers for <code>std::map</code>, which creates a total ordering</p>



<a name="148892899"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148892899" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148892899">(Nov 30 2018 at 22:06)</a>:</h4>
<p><span class="user-mention" data-user-id="125253">@Nicole Mazzuca</span> IIRC C++ allows an "indeterminate" result at least for <code>==</code>, which would be undef in LLVM? Or has that changed on more recent versions?</p>



<a name="148892924"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148892924" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148892924">(Nov 30 2018 at 22:06)</a>:</h4>
<p>yeah, I believe it changed in C++14?</p>



<a name="148892960"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148892960" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148892960">(Nov 30 2018 at 22:08)</a>:</h4>
<p>it's now "unspecified"</p>



<a name="148892998"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148892998" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148892998">(Nov 30 2018 at 22:08)</a>:</h4>
<p>hm... <a href="http://eel.is/c++draft/expr.eq#3.1" target="_blank" title="http://eel.is/c++draft/expr.eq#3.1">http://eel.is/c++draft/expr.eq#3.1</a> says the result may be "unspecified"</p>



<a name="148893002"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893002" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893002">(Nov 30 2018 at 22:08)</a>:</h4>
<p>I have no idea what that means</p>



<a name="148893006"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893006" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893006">(Nov 30 2018 at 22:08)</a>:</h4>
<p>lemme look and check for sure what that means</p>



<a name="148893029"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893029" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893029">(Nov 30 2018 at 22:09)</a>:</h4>
<p><a href="http://eel.is/c++draft/defns.unspecified#:behavior,unspecified" target="_blank" title="http://eel.is/c++draft/defns.unspecified#:behavior,unspecified">http://eel.is/c++draft/defns.unspecified#:behavior,unspecified</a></p>
<blockquote>
<p>behavior, for a well-formed program construct and correct data, that depends on the implementation<br>
[ Note: The implementation is not required to document which behavior occurs.</p>
</blockquote>



<a name="148893056"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893056" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893056">(Nov 30 2018 at 22:09)</a>:</h4>
<p>now I am left wondering if the compiler may choose to make the result "indeterminate"</p>



<a name="148893061"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893061" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893061">(Nov 30 2018 at 22:09)</a>:</h4>
<p>I don't believe so</p>



<a name="148893070"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893070" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893070">(Nov 30 2018 at 22:09)</a>:</h4>
<p>but it also doesnt say the result may be non-deterministic</p>



<a name="148893125"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893125" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893125">(Nov 30 2018 at 22:10)</a>:</h4>
<p>as in, does comparing the same two pointers twice have to produce the same result?</p>



<a name="148893132"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893132" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893132">(Nov 30 2018 at 22:10)</a>:</h4>
<blockquote>
<p>The range of possible behaviors is usually delineated by this document.</p>
</blockquote>
<p>well, not in this case :/</p>



<a name="148893156"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893156" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893156">(Nov 30 2018 at 22:11)</a>:</h4>
<p>I believe it's something like "<code>a &lt; b</code>" must produce either true or false for any specific expression</p>



<a name="148893172"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893172" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893172">(Nov 30 2018 at 22:11)</a>:</h4>
<p>but does <code>(a &lt; b) == (a &lt; b)</code> always have to produce true?</p>



<a name="148893175"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893175" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893175">(Nov 30 2018 at 22:11)</a>:</h4>
<p>it doesnt <em>allow</em> non-determinism</p>



<a name="148893184"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893184" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893184">(Nov 30 2018 at 22:11)</a>:</h4>
<p>i.e., it's definitely gonna be one or the other, but it doesn't have to be consistent</p>



<a name="148893188"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893188" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893188">(Nov 30 2018 at 22:11)</a>:</h4>
<p>it also doesnt <em>forbid</em> an indeterminate value</p>



<a name="148893194"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893194" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893194">(Nov 30 2018 at 22:11)</a>:</h4>
<p>so this seems fairly vague to me</p>



<a name="148893236"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893236" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893236">(Nov 30 2018 at 22:12)</a>:</h4>
<p>the forbidding of an indeterminate value is implied</p>



<a name="148893251"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893251" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893251">(Nov 30 2018 at 22:12)</a>:</h4>
<p>so the comparison is nondeterministic, but each comparison produces exactly one value</p>



<a name="148893259"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893259" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893259">(Nov 30 2018 at 22:12)</a>:</h4>
<p>hm that would make sense (that it can't be indeterminate or plain UB), though I'd prefer if it said that in the def.n of "unspecified"</p>



<a name="148893282"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893282" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893282">(Nov 30 2018 at 22:13)</a>:</h4>
<p>I agree</p>



<a name="148893294"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893294" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893294">(Nov 30 2018 at 22:13)</a>:</h4>
<blockquote>
<p>so the comparison is nondeterministic, but each comparison produces exactly one value</p>
</blockquote>
<p>that seems to be the most liberal interpretation</p>



<a name="148893302"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893302" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893302">(Nov 30 2018 at 22:13)</a>:</h4>
<p>and it is in line with what we model for LLVM</p>



<a name="148893320"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893320" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893320">(Nov 30 2018 at 22:13)</a>:</h4>
<p>however, LLVM will (AFAIK) duplicate <code>icmp</code>, so it actually expects its own operation to be deterministic</p>



<a name="148893352"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893352" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893352">(Nov 30 2018 at 22:14)</a>:</h4>
<p>and I don't know how to model <em>that</em>^^</p>



<a name="148893362"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893362" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893362">(Nov 30 2018 at 22:14)</a>:</h4>
<p>yeah</p>



<a name="148893378"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893378" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893378">(Nov 30 2018 at 22:14)</a>:</h4>
<p>I doubt it's necessary, tbh</p>



<a name="148893382"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893382" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893382">(Nov 30 2018 at 22:14)</a>:</h4>
<p>duplicating?</p>



<a name="148893399"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893399" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893399">(Nov 30 2018 at 22:14)</a>:</h4>
<p>no, modeling anything more than nondeterminism</p>



<a name="148893412"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893412" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893412">(Nov 30 2018 at 22:15)</a>:</h4>
<p>on the surface language level, maybe</p>



<a name="148893421"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893421" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893421">(Nov 30 2018 at 22:15)</a>:</h4>
<p>I'd like to understand LLVM as well though</p>



<a name="148893428"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893428" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893428">(Nov 30 2018 at 22:15)</a>:</h4>
<p>faut</p>



<a name="148893434"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893434" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893434">(Nov 30 2018 at 22:15)</a>:</h4>
<p>*fair</p>



<a name="148893669"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893669" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893669">(Nov 30 2018 at 22:19)</a>:</h4>
<p>well, this has been interesting but it's getting late. see you later everyone!</p>



<a name="148893713"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893713" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893713">(Nov 30 2018 at 22:20)</a>:</h4>
<p>o7</p>



<a name="148893725"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893725" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893725">(Nov 30 2018 at 22:20)</a>:</h4>
<p>I already wanted to ask yesterday... what does "o7" mean?</p>



<a name="148893735"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893735" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893735">(Nov 30 2018 at 22:20)</a>:</h4>
<p>or is that "o/" plus "too lazy for shift"?^^</p>



<a name="148893749"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893749" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893749">(Nov 30 2018 at 22:20)</a>:</h4>
<p>(at least on the German keyboard, / is Shift-7)</p>



<a name="148893754"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893754" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893754">(Nov 30 2018 at 22:21)</a>:</h4>
<p>nah, it's just a different wave</p>



<a name="148893774"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893774" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893774">(Nov 30 2018 at 22:21)</a>:</h4>
<p>okay :D <span class="emoji emoji-1f44b" title="wave">:wave:</span></p>



<a name="148893788"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893788" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893788">(Nov 30 2018 at 22:21)</a>:</h4>
<p>also, I think, from the documentation,  icmp on pointers should be exactly a ptrtoint comparison</p>



<a name="148893841"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893841" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893841">(Nov 30 2018 at 22:22)</a>:</h4>
<p>If the operands are pointer typed, the pointer values are compared as if they were integers.</p>



<a name="148893853"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/148893853" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#148893853">(Nov 30 2018 at 22:22)</a>:</h4>
<p>if a pass actually doesn't treat pointers like that, I feel like it should probably be seen as a bug</p>



<a name="150675051"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/150675051" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#150675051">(Dec 01 2018 at 08:14)</a>:</h4>
<blockquote>
<p>also, I think, from the documentation,  icmp on pointers should be exactly a ptrtoint comparison</p>
</blockquote>
<p>you mean in LLVM? we certainly have counterexamples for that and I think they are deliberate: LLVM will optimize <code>x == y</code> to <code>false</code> if they come from different <code>malloc</code>, even if (using <code>getelementptr</code>) they might be equal</p>



<a name="150675313"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/150675313" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#150675313">(Dec 01 2018 at 08:25)</a>:</h4>
<p>even if that's true, that feels like it should be treated as a miscompilation :&lt;</p>



<a name="150675314"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/150675314" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nicole Mazzuca <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#150675314">(Dec 01 2018 at 08:25)</a>:</h4>
<p>at least according to the documentation on <code>icmp</code></p>



<a name="150675615"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/150675615" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#150675615">(Dec 01 2018 at 08:37)</a>:</h4>
<p>You are right, it is pretty explicit about that:</p>
<blockquote>
<p>If the operands are pointer typed, the pointer values are compared as if they were integers.</p>
</blockquote>



<a name="150675804"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/150675804" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#150675804">(Dec 01 2018 at 08:45)</a>:</h4>
<p>LLVM also works really hard to make sure that icmp is observably deterministic</p>



<a name="150675844"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked%20borrows%3A%20llvm-noalias%20violation%20in%20safe%20code/near/150675844" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/stacked.20borrows.3A.20llvm-noalias.20violation.20in.20safe.20code.html#150675844">(Dec 01 2018 at 08:46)</a>:</h4>
<p>but I dont know how to turn that into a formal operational spec, because that would basically require knowing how an allocation is used already when it is created. and a syntactic analysis does not work because LLVM may optimize away uses.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>